This vulnerability (CVE-2026-48875) is an unauthenticated SQL Injection (CWE-89) in JetSmartFilters versions up to 3.8.1. It allows remote attackers to inject malicious SQL commands without any authentication, leading to a complete loss of confidentiality and partial denial of service. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and scope changed. The vulnerability is published but no official remediation or patch is currently documented. The affected product is not a cloud service, so remediation depends on vendor patching or user action.

Successful exploitation can lead to complete compromise of data confidentiality within the affected JetSmartFilters plugin, allowing attackers to access sensitive database information. Additionally, it can cause partial denial of service, impacting availability. Integrity impact is not indicated. The vulnerability is exploitable remotely without authentication, increasing risk.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch is currently documented, users should monitor the vendor's communications for updates. Until a patch is available, consider restricting access to the affected plugin or applying temporary mitigations if any are provided by the vendor.