What is the CVSS score of CVE-2026-42755?

CVE-2026-42755 has a CVSS 3.1 base score of 9.3 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of RealMag777 TableOn are affected by CVE-2026-42755?

The RealMag777 TableOn WordPress plugin (versions through 1.0.5.1) contains an unauthenticated SQL injection vulnerability that allows remote attackers to read the entire WordPress database without…

RealMag777 TableOn CVE-2026-42755

Q: How to fix or mitigate CVE-2026-42755?

24 hours: Inventory all WordPress installations using the TableOn plugin (versions ≤1.0.5.1); assess whether the plugin is active and what sensitive data it may access. 7 days: Disable the RealMag777 TableOn plugin immediately on all production systems; if business-critical, implement WAF rules to block SQL injection patterns (focus on UNION, SELECT, comments in HTTP parameters) and apply database user least-privilege policies. 30 days: Migrate to an alternative, actively-maintained WordPress table plugin or native WordPress functionality; audit database logs for signs of exploitation or suspicious query patterns from before plugin removal.

EUVD-2026-32203 CRITICAL

SQL Injection (CWE-89)

2026-05-27 audit@patchstack.com

GHSA-5887-vh9w-5fwr

SQLi

9.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

May 27, 2026 - 19:48 vuln.today

DescriptionNVD

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through <= 1.0.5.1.

AnalysisAI

Unauthenticated blind SQL injection in the RealMag777 TableOn (posts-table-filterable) WordPress plugin through version 1.0.5.1 lets remote attackers inject crafted SQL into backend queries without credentials or user interaction. Because the CVSS scope is marked changed (S:C) with high confidentiality impact, a successful attack can read data beyond the vulnerable component, including the WordPress database. …

RemediationAI

24 hours: Inventory all WordPress installations using the TableOn plugin (versions ≤1.0.5.1); assess whether the plugin is active and what sensitive data it may access. 7 days: Disable the RealMag777 TableOn plugin immediately on all production systems; if business-critical, implement WAF rules to block SQL injection patterns (focus on UNION, SELECT, comments in HTTP parameters) and apply database user least-privilege policies. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42755 vulnerability details – vuln.today

Back

RealMag777 TableOn CVE-2026-42755

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code