Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7.
AnalysisAI
SQL injection vulnerability in the RealMag777 WOLF bulk-editor WordPress plugin (versions up to 1.0.8.7) that allows authenticated administrators to execute blind SQL injection attacks. With a low EPSS score of 0.02% and no KEV listing, this vulnerability requires high privileges to exploit and is not currently being actively exploited in the wild.
Technical ContextAI
The vulnerability affects the WOLF bulk-editor plugin (CPE: cpe:2.3:a:realmag777:wolf:*:*:*:*:*:*:*:*) for WordPress, specifically versions from inception through 1.0.8.7. As a CWE-89 vulnerability, it stems from improper neutralization of special SQL command elements, allowing attackers to inject malicious SQL queries. The plugin likely fails to properly sanitize user input before constructing database queries, a common issue in WordPress plugins that interact directly with the database.
RemediationAI
Update the WOLF bulk-editor plugin to a version newer than 1.0.8.7 if available. The Patchstack reference (https://patchstack.com/database/Wordpress/Plugin/bulk-editor/vulnerability/wordpress-wolf-plugin-1-0-8-7-sql-injection-vulnerability) likely contains patch information. As an immediate mitigation, restrict WordPress admin access to trusted users only and monitor database query logs for suspicious activity. Consider temporarily disabling the plugin if updates are not immediately available.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12015