Ctrl + K
/ news / CVE
CVEPublished 2026-05-18Modified 2026-05-181 article on news6 live referencesNVD data

CVE-2026-6379

Vulnerability data via NVD (ingested)

CVSS v3.1
8.6
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS percentile
Weaknesses (CWE)
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description

The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection attacks.

Timeline
Published 2026-05-18
Modified 2026-05-18

External references

NVDMITREExploit-DBSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-6379
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2026-6379
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-6379
Censys host search filtered to this CVE id.
grep.app
CVE-2026-6379
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-6379
GitHub code search for direct mentions.
Google dork
"CVE-2026-6379" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-63798 repos
0xsyr0/OSCPPowerShell
OSCP Cheat Sheet
★ 3,760·updated 6d ago
kOlapsis/maintenantGo
Drop a container. Your stack is monitored.
★ 370·updated today
praetorian-inc/brutusGo
Fast, zero-dependency credential testing tool in Go. Brute force SSH, MySQL, PostgreSQL, Redis, MongoDB, SMB, and 20+ protocols. Hydra alternative with native nerva/naabu pipeline …
★ 274·updated today
chexagon/redis-session-managerJava
A tomcat8 session manager providing session replication via persistence to redis
★ 109·updated 1mo ago
navikt/cpltRust
Sandbox wrapper for AI coding agents. Runs GitHub Copilot CLI, OpenCode, Google Gemini CLI, Pi, or a plain shell inside a kernel-level sandbox so the agent can work on your project…
★ 94·updated today
zeative/zaileysTypeScript
Zaileys - Simplified WhatsApp Node.js TypeScript/JavaScript API
★ 57·updated today
DarkFunct/TK-CVE-RepoPython
TK-CVE-Repo
★ 50·updated 2w ago
3sk1nt4n/arguswatch-aiPython
AI-Agentic Threat Intelligence - 39 collectors, 7 AI agents, 3-link proof chain, D1-D5 exposure scoring
★ 48·updated 3mo ago
Articles on news mentioning CVE-2026-6379