A vulnerability was found in Infility Global Plugin up to 2.15.16 on WordPress. It has been classified as critical . Affected is the function show_control_data::post_list . Performing a manipulation results in sql injection. This vulnerability was named CVE-2026-8685 . The attack may be initiated remotely. There is no available exploit.