Skip to main content

Meow Gallery CVE-2026-32418

| EUVDEUVD-2026-11941 HIGH
SQL Injection (CWE-89)
2026-03-13 Patchstack
7.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.6 HIGH
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

4
Re-analysis Queued
Apr 22, 2026 - 21:37 vuln.today
cvss_changed
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11941
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
HIGH 7.6

DescriptionCVE.org

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4.

AnalysisAI

Blind SQL injection in Meow Gallery up to version 5.4.4 allows high-privileged attackers to extract sensitive data from the application database through specially crafted SQL queries. An authenticated administrator with high privileges can exploit this vulnerability without user interaction to perform unauthorized database queries, potentially exposing confidential information. No patch is currently available for affected installations.

Technical ContextAI

The vulnerability affects the Meow Gallery plugin by Jordy Meow, a WordPress gallery management extension. This is a classic SQL injection vulnerability (CWE-89) where user-supplied input is improperly sanitized before being incorporated into SQL queries. The blind SQL injection variant means attackers cannot see direct query results but can infer information through application behavior differences. The vulnerability requires network access and high privileges according to the CVSS vector, suggesting it likely affects administrative or editor-level functionality within the plugin where SQL queries are constructed using unsanitized user input.

RemediationAI

Update the Meow Gallery plugin to a version newer than 5.4.4 if available, as the vulnerability affects versions up to and including 5.4.4. If an update is not yet available, consider temporarily disabling the plugin until a patch is released. As a compensating control, restrict WordPress administrative and editor access to trusted users only, implement strong authentication measures including two-factor authentication, and monitor database query logs for suspicious activity patterns that might indicate SQL injection attempts. Regular WordPress and plugin updates should be part of standard security maintenance.

Share

CVE-2026-32418 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy