Vulnerabilities | Medium

Critical SQL Injection Flaw in Popular CMS Plugin

Sunday, March 8, 2026
Global
Plugin Security Advisory

Summary

A critical SQL injection vulnerability has been discovered in a popular content management system plugin with over 5 million active installations.

Threat Analysis

CMS Plugin SQL Injection Vulnerability

Vulnerability Summary: CVE-2026-7890 is a critical SQL injection vulnerability in the PopularForms plugin for ContentMaster CMS, potentially exposing sensitive database information.

Affected Versions: PopularForms plugin versions 3.0.0 through 3.5.2

CVSS Score: 9.1 (Critical)

Exploitation Details: The vulnerability exists in the form submission handler, where user input is not properly sanitized before being used in SQL queries. This allows attackers to:

- Extract database contents
- Modify or delete data
- Potentially achieve remote code execution
- Bypass authentication
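The flaw class described above, shown as an added example that is not the PopularForms code (the advisory does not include the plugin's source): a hypothetical form handler written against Python's sqlite3, with the table and function names assumed for illustration. A benign apostrophe in a submitted name is enough to show that the first handler lets input become SQL syntax, while the bound-parameter version stores it as data.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the CMS database (constructed for this example)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE submissions (form_id INTEGER, name TEXT, message TEXT)")
    return db


def save_unsafe(db, form_id, name, message):
    """Flawed pattern: user input is spliced into the SQL text itself."""
    sql = ("INSERT INTO submissions (form_id, name, message) "
           f"VALUES ({form_id}, '{name}', '{message}')")
    db.execute(sql)


def save_safe(db, form_id, name, message):
    """Hardened pattern: the SQL text is constant and values are bound parameters."""
    if not isinstance(form_id, int):
        raise ValueError("form_id must be an integer")
    db.execute(
        "INSERT INTO submissions (form_id, name, message) VALUES (?, ?, ?)",
        (form_id, name, message),
    )


def demo():
    """Send the same benign submission through both handlers and report the outcome."""
    name, message = "Siobhan O'Brien", "Please call me back"  # constructed sample input
    db = make_db()
    try:
        save_unsafe(db, 1, name, message)
        unsafe_result = "stored"
    except sqlite3.Error as exc:
        # The apostrophe ended the string literal early, so the remainder of the
        # name was parsed as SQL: the input changed the statement's structure.
        unsafe_result = f"sql error: {exc}"
    save_safe(db, 1, name, message)
    rows = db.execute("SELECT name, message FROM submissions").fetchall()
    return unsafe_result, rows


if __name__ == "__main__":
    print(demo())
```

A handler that fails on an ordinary apostrophe is a quick review signal that query text is being assembled from input; the durable fix is parameter binding rather than character filtering.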

Exploitation Status: Proof-of-concept code is publicly available. Active exploitation has been detected on vulnerable sites.

Remediation Steps:

1. Update to version 3.5.3 or later immediately
2. Implement web application firewall rules
3. Review database for unauthorized changes
4. Audit user accounts for compromise
5. Consider database password rotation

Last updated: Mar 15, 2026, 11:11 PM
