External risk intelligence

WP eMember SQL Injection Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.3)

CVE-2026-54811

An unauthenticated SQL injection vulnerability exists in a WordPress membership plugin that could allow attackers to access or manipulate sensitive database information. The concern is whether this plugin is used in your environment, as it could expose member and access control data.

Halo Surface Signal: 4

SQL Injection

External exposure likelihood

Halo Surface Signal score for CVE-2026-54811

This vulnerability affects a WordPress plugin, which is a type of web application component commonly deployed in internet-facing web environments to manage user membership and access, making it frequently reachable from the public internet.

PCI scan relevance

PCI Relevance for CVE-2026-54811

Yes

CVE-2026-54811 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability in WP eMember versions prior to 10.9.4 is a critical SQL injection that can be exploited by unauthenticated attackers. Its high severity makes it relevant for PCI scanning.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

This advisory highlights an unauthenticated SQL injection vulnerability impacting a widely used WordPress membership plugin. If exploited, it could allow an attacker to access or manipulate sensitive data stored within the associated database. The primary concern is to confirm if this specific plugin is in use within our environment and, if so, understand the potential exposure.

  • Unauthenticated database access via a WordPress plugin.
  • Exposes sensitive member and access control data.
  • Confirm whether the plugin is in use and what it exposes.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker can target the WP eMember plugin by sending specially crafted requests containing SQL over the network. This could allow them to manipulate the plugin's database queries, potentially leading to unauthorized data access or denial of service.

  • Requires no authentication.
  • Triggered by a crafted request sent over the network.
  • Risk of data exposure and service disruption.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated attacker to inject malicious SQL commands into the application. As the advisory describes, this could lead to unauthorized access to sensitive data or manipulation of the application's database.

  • The WordPress database the plugin uses is at risk.
  • Unauthenticated SQL injection can occur.
  • Sensitive data could be accessed or altered.

Operational Fix

Recommended remediation, mitigation, and detection steps

This unauthenticated SQL injection vulnerability in WP eMember impacts web applications using versions prior to 10.9.4. The first practical step is for the application owner or platform team to identify all instances of this plugin, confirm its exposure to the internet, and assess its criticality to business operations. Once these factors are understood, a risk-based remediation plan, potentially involving vendor coordination or a temporary compensating control, can be developed and executed.

  • Application owners are responsible for remediation.
  • Verify internet reachability and business criticality.
  • Plan remediation based on identified risk.

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the WP eMember plugin?

WP eMember is a WordPress plugin designed to manage membership sites. It allows site administrators to restrict content, manage user profiles, and control access levels for subscribers. Because it sits on top of WordPress, it interacts directly with the site's database to verify user credentials and permissions, acting as a gatekeeper for protected digital content.

How does CVE-2026-54811 work?

This vulnerability is a SQL injection, classified as CWE-89. It occurs when software fails to properly sanitize user-supplied input before using it in a database query. In this case, an attacker can submit malicious SQL commands through the plugin, tricking the database into executing unintended instructions. This allows unauthorized parties to bypass the usual security checks and interact directly with the underlying data.
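To make the CWE-89 mechanism concrete, here is an added illustration (not WP eMember's code) of the same membership lookup built two ways: the query text assembled from user input, and the parameterised form that WordPress exposes through `$wpdb->prepare()`. The table contents and the crafted input are constructed; sqlite3 stands in for the site's database.

```python
"""CWE-89 in miniature: one membership lookup, unsafe and safe.

Added illustration, not the plugin's code. The members table and the
crafted input are constructed so the example runs offline.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory table shaped like the member/access data a membership plugin holds."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE members (username TEXT, access_level TEXT)")
    con.executemany("INSERT INTO members VALUES (?, ?)",
                    [("alice", "gold"), ("bob", "silver"), ("admin", "staff")])
    return con


def lookup_vulnerable(con: sqlite3.Connection, username: str) -> list:
    """Input is pasted into the query text, so the database cannot tell data from SQL."""
    sql = f"SELECT username, access_level FROM members WHERE username = '{username}'"
    return con.execute(sql).fetchall()


def lookup_fixed(con: sqlite3.Connection, username: str) -> list:
    """Parameterised query: the value is bound after parsing and stays a literal.

    Same idea as $wpdb->prepare() in a WordPress plugin.
    """
    sql = "SELECT username, access_level FROM members WHERE username = ?"
    return con.execute(sql, (username,)).fetchall()


# Constructed input whose quote closes the string and appends an always-true clause.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    con = make_db()
    print("vulnerable:", lookup_vulnerable(con, CRAFTED))  # every row
    print("fixed:     ", lookup_fixed(con, CRAFTED))       # no such username
```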

Do I need to be logged in for this to trigger?

No, this vulnerability does not require authentication. An attacker can trigger the flaw remotely by sending a specially crafted request to the site. It is important to note that this issue relies on the plugin receiving direct, malicious input via the network; simply visiting the site as a regular, non-malicious user will not inadvertently trigger the SQL injection.

Why is this a concern for my website?

According to Halo Surface Signal, this plugin is often deployed in internet-facing environments to manage memberships, making it highly reachable from the public web. Because the vulnerability is accessible over the network without requiring a user account, any instance of WP eMember exposed to the internet is a potential target for unauthorized data access or service disruption.

What is the first step to address this?

You should begin by performing an inventory of your WordPress environments to identify whether version 10.9.4 or earlier of WP eMember is currently installed. Once you have located all instances, evaluate which sites are accessible from the internet and determine the sensitivity of the data they hold. This information helps you prioritize which systems require immediate attention or additional security measures while you coordinate the necessary updates.
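The inventory-and-prioritize procedure in the Operational Fix section and this answer can be scripted. The following is an added example, not tooling from the advisory: it takes per-site records of the kind `wp plugin list --format=json` plus the team's exposure notes would yield (field names are assumed), flags sites still below 10.9.4 with a numeric rather than lexical version compare, and orders them by reachability and data sensitivity.

```python
"""Triage helper for CVE-2026-54811 (WP eMember below 10.9.4).

Added example, not the advisory's code. Site records are constructed
and the field names are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

FIXED_VERSION = "10.9.4"  # first release the advisory treats as not affected


def parse_version(v: str) -> tuple:
    """'10.10.1' -> (10, 10, 1): a plain string compare would rank it below '10.9.4'."""
    return tuple(int(part) for part in v.split("."))


def is_vulnerable(version: str) -> bool:
    return parse_version(version) < parse_version(FIXED_VERSION)


@dataclass
class Site:
    host: str
    emember_version: Optional[str]  # None: plugin not installed
    internet_facing: bool
    holds_sensitive_data: bool


def triage(sites: List[Site]) -> List[Tuple[str, str]]:
    """(host, priority) for each site on a vulnerable build, most urgent first.

    P1: reachable from the internet and holding sensitive member data.
    P2: reachable from the internet.  P3: internal, still needs the update.
    """
    findings = []
    for s in sites:
        if s.emember_version is None or not is_vulnerable(s.emember_version):
            continue
        if s.internet_facing and s.holds_sensitive_data:
            prio = "P1"
        elif s.internet_facing:
            prio = "P2"
        else:
            prio = "P3"
        findings.append((s.host, prio))
    return sorted(findings, key=lambda f: f[1])


# Constructed sample inventory; hostnames are placeholders.
SAMPLE_SITES = [
    Site("members.example.test", "10.9.3", True, True),
    Site("blog.example.test", "10.10.0", True, False),   # patched
    Site("intranet.example.test", "9.8", False, False),
    Site("shop.example.test", None, True, True),         # not installed
]

if __name__ == "__main__":
    for host, prio in triage(SAMPLE_SITES):
        print(prio, host)
```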
