CVE-2026-4935 PUBLISHED

SureTriggers < 1.1.23 – Unauthenticated SQLi

Assigner: WPScan
Reserved: 26.03.2026 | Published: 08.05.2026 | Updated: 08.05.2026

The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.

Product Status

Vendor: Unknown
Product: OttoKit: All-in-One Automation Platform
Versions (default: unaffected):
  • affected from 0 to 1.1.23 (excl.)

Credits

  • mcdruid (finder)
  • WPScan (coordinator)

Problem Types

  • CWE-89 SQL Injection