A vulnerability was found in Infility Global Plugin up to 2.15.19 on WordPress and classified as critical . Affected is the function import_list of the component ImportData Module . Such manipulation of the argument order leads to sql injection. This vulnerability is documented as CVE-2026-7842 . The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.