CVE Alert

CVE-2026-4935

HIGH 8.6

SureTriggers < 1.1.23 – Unauthenticated SQLi

CVSS Score: 8.6
EPSS Score: 0.0%
EPSS Percentile: 14th

The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.

Vendor unknown
Product ottokit: all-in-one automation platform
Published May 8, 2026
Last Updated May 8, 2026

Affected Versions

Unknown / OttoKit: All-in-One Automation Platform
0 < 1.1.23

References

NVD, CVE.org, EPSS Data
wpscan.com: https://wpscan.com/vulnerability/54bc1bf4-1033-49e2-aff9-a14c834c35bd/

Credits

mcdruid WPScan