Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
6DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through <= 1.10.1.
AnalysisAI
Blind SQL injection in User Feedback WordPress plugin (versions ≤1.10.1) allows authenticated attackers with low privileges to extract database contents through malicious SQL queries. The vulnerability enables cross-scope exploitation with high confidentiality impact and limited availability disruption. EPSS probability is low (0.02%, 6th percentile), no public exploit identified at time of analysis, and exploitation requires authenticated access with low attack complexity.
Technical ContextAI
This vulnerability stems from improper neutralization of SQL special characters (CWE-89) in the User Feedback WordPress plugin developed by Syed Balkhi. The affected component (cpe:2.3:a:syed_balkhi:user_feedback) fails to sanitize user-supplied input before incorporating it into SQL queries, creating a blind SQL injection vector. Blind SQLi differs from traditional SQL injection in that attackers cannot directly view query results but must infer data through boolean-based or time-based techniques. The CVSS vector indicates the flaw is network-accessible (AV:N) with low attack complexity (AC:L), requires low-level privileges (PR:L), and enables scope change (S:C), suggesting the attacker can access resources beyond the vulnerable component's security context. WordPress plugin vulnerabilities of this class typically occur in AJAX handlers, REST API endpoints, or administrative interfaces where database queries are constructed using inadequately validated user input such as POST parameters, cookies, or custom headers.
RemediationAI
Upgrade User Feedback plugin to the latest patched version immediately; consult the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/userfeedback-lite/vulnerability/wordpress-user-feedback-plugin-1-10-1-sql-injection-vulnerability-2?_s_id=cve for specific version recommendations as vendor-released patch details are not independently confirmed in available data at time of analysis. As an interim mitigation, restrict plugin access to trusted administrator accounts only by reviewing WordPress user roles and removing unnecessary subscriber/contributor privileges, implement Web Application Firewall rules to detect and block SQL injection patterns in HTTP requests, enable WordPress database query logging to detect exploitation attempts, apply principle of least privilege to WordPress database user accounts to limit potential data exposure, and consider temporarily disabling the User Feedback plugin if it is not business-critical until patching is completed. Review database logs for suspicious query patterns (UNION statements, boolean-based conditional queries, time delays via SLEEP/BENCHMARK functions) that may indicate prior exploitation attempts.
More in User Feedback
View allSame weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20141
GHSA-p48j-375p-c37q