CVE-2026-52712 HIGH

CVE-2026-52712: WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability

Vendor Tnomi
Product Attendance Manager
Weakness CWE-89 · SQLi
Published June 16, 2026
Last update June 16, 2026

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L

What the vulnerability does

01Description

Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.

Explanation of Vulnerability in Simple Terms

02Summary

Attendance Manager versions up to 0.6.2 contain a SQL injection vulnerability in a network-accessible function that requires user authentication and victim interaction. An attacker with low-privilege access can craft malicious input to extract sensitive data from the database. The vulnerability also impacts system availability.

What an attacker can do

03Attacker Capabilities

Extract sensitive data from the database by injecting SQL commands through user input.

Potential impact on your site

04Site Impact

Unauthorized database access and potential data theft affecting all users; site performance may degrade.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege user account and trick a victim into clicking a malicious link or visiting a crafted page.

Key dates

06Disclosure timeline

June 16, 2026 CVE published

Related vulnerabilities

08Related CVE