A vulnerability, which was classified as critical , has been found in crafium OptinCraft Plugin up to 1.2.0 on WordPress. This affects an unknown part. The manipulation of the argument order_by leads to sql injection. This vulnerability is documented as CVE-2026-8978 . The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.