CVE-2026-39441: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Naked Cat Plugins (by Webdados) Feed KuantoKusta for WooCommerce – Free
An unauthenticated SQL Injection vulnerability exists in Feed KuantoKusta for WooCommerce – Free versions up to 5.3. This vulnerability allows remote attackers to inject SQL commands without authentication, potentially leading to high-impact data disclosure. The vulnerability is identified as CWE-89 and has a critical CVSS score of 9.3. No official patch or remediation guidance is currently available from the vendor. The vulnerability affects the plugin developed by Naked Cat Plugins (by Webdados).
AI Analysis
Technical Summary
CVE-2026-39441 is an unauthenticated SQL Injection vulnerability in Feed KuantoKusta for WooCommerce – Free plugin versions up to 5.3. The flaw allows attackers to inject malicious SQL commands remotely without requiring authentication, resulting in a high confidentiality impact and limited availability impact. The vulnerability is categorized under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). No vendor advisory or patch information is currently available, and no known exploits have been reported in the wild.
Potential Impact
Successful exploitation can lead to unauthorized disclosure of sensitive information from the database due to SQL Injection. The CVSS vector indicates no privileges or user interaction are required, making it remotely exploitable. The impact on confidentiality is high, while integrity is not affected, and availability impact is low.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider disabling or removing the affected plugin to prevent exploitation. Monitor for vendor updates and apply patches promptly once available.
CVSS v3.1
Score: 9.3 (critical)
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2026-04-07T08:24:21.369Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a30613d0b89be688893c27d
Added to database: 6/15/2026, 8:31:57 PM
Last enriched: 6/15/2026, 10:16:41 PM
Last updated: 6/16/2026, 6:16:57 AM