
Cornerstone CVE-2026-54185

EUVD: EUVD-2026-37630 · HIGH
SQL Injection (CWE-89)
2026-06-17 · Patchstack
8.5 (CVSS 3.1) · Vendor: Patchstack

Severity by source

Vendor (Patchstack), primary: 8.5 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

vuln.today AI: 8.5 HIGH

Network-reachable WordPress endpoint (AV:N, AC:L) requires a Subscriber account (PR:L); SQLi reads cross-scope data (S:C, C:H) with no integrity change and minor availability impact from heavy queries.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS Vector (Vendor: Patchstack)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: Low

Lifecycle Timeline

Patch available: Jun 17, 2026 - 13:01 (EUVD)
Analysis Generated: Jun 17, 2026 - 11:58 (vuln.today)

Description (CVE.org)

Subscriber SQL Injection in Cornerstone < 7.8.8 versions.

Analysis (AI)

SQL injection in the Cornerstone WordPress plugin (Themeco) versions prior to 7.8.8 allows authenticated users with Subscriber-level access to inject SQL into backend queries. Per the CVSS vector (PR:L, scope changed, C:H), a low-privileged WordPress account can read sensitive database contents - including credentials and PII - across security boundaries, with limited availability impact and no integrity impact. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Register Subscriber account on target site
Delivery: Authenticate to WordPress
Exploit: Send crafted request to vulnerable Cornerstone endpoint
Install: Inject SQL into backend query
C2: Exfiltrate wp_users hashes and secrets
Execute: Crack hashes or forge auth cookies
Impact: Escalate to administrator

Vulnerability Assessment (AI)

Exploitation: Requires (1) a Cornerstone installation at any version below 7.8.8 active on the target WordPress site, and (2) an authenticated session at WordPress Subscriber role or higher, obtainable on any site that permits user registration (wp-login.php?action=register) or where the attacker already has any account. …

Risk Assessment: The CVSS 3.1 base score of 8.5 (High) reflects network attack vector, low complexity, low privileges, no user interaction, and a scope change yielding High confidentiality impact, consistent with a Subscriber being able to read data beyond the plugin's intended trust boundary (e.g., wp_users password hashes, secret keys, other tenants' data). …

Exploit Scenario: An attacker registers a free Subscriber account on a WordPress site running a vulnerable Cornerstone version (or uses any existing low-privilege account), then sends a crafted request to a Cornerstone AJAX/REST endpoint with a malicious SQL payload in a parameter that is concatenated into a backend query. The injected query extracts the wp_users table (including password hashes) and wp_options secret keys, which the attacker then cracks or replays to escalate to an administrator account. …

Remediation: Vendor-released patch: upgrade Cornerstone to version 7.8.8 or later via the Themeco/WordPress plugin updater, which is the only complete fix. The Patchstack advisory is at https://patchstack.com/database/wordpress/plugin/cornerstone/vulnerability/wordpress-cornerstone-plugin-7-8-8-sql-injection-vulnerability. …

Recommended Action (AI)

Within 24 hours: Enumerate all WordPress installations running Cornerstone plugin and identify all active subscriber-level accounts on affected systems. …
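The remediation and recommended-action sections above boil down to one check per site: is the installed Cornerstone version below 7.8.8? The triage helper below is an added example, not code from vuln.today, Patchstack or Themeco. It assumes only that the plugin's main PHP file carries the standard WordPress plugin header with a `Version:` line, that the plugin slug is `cornerstone` (as in the Patchstack advisory URL), and that `PLUGIN_DIR` is a placeholder path for the reader to adjust. It compares versions numerically rather than as strings, so that a hypothetical `7.10.0` is correctly treated as patched while a `7.8.8-rc1` pre-release is still flagged.

```python
"""Triage helper for CVE-2026-54185: flag Cornerstone installs below 7.8.8.

Added example (not the advisory's or the vendor's code). Assumptions:
  - the plugin's main PHP file has a standard WordPress plugin header
    containing a "Version:" line;
  - the plugin slug is "cornerstone" (taken from the Patchstack advisory URL);
  - PLUGIN_DIR is a placeholder path, not a path from the advisory.
"""
import re
from pathlib import Path
from typing import Optional

FIXED_VERSION = "7.8.8"          # advisory: every version < 7.8.8 is affected
PLUGIN_SLUG = "cornerstone"
PLUGIN_DIR = Path("/var/www/html/wp-content/plugins") / PLUGIN_SLUG  # placeholder

# Matches "Version: 7.8.7" or " * Version: 7.8.7" inside the header comment.
_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def version_key(version: str) -> tuple:
    """Numeric sort key for plugin version strings.

    '7.10.0' must sort above '7.8.8' (plain string comparison gets this wrong),
    and a pre-release such as '7.8.8-rc1' must sort below the final '7.8.8'.
    """
    base, _, suffix = version.strip().partition("-")
    parts = [int(p) for p in base.split(".") if p.isdigit()]
    parts += [0] * (3 - len(parts))            # pad '7.8' to (7, 8, 0)
    # second field: 1 = final release, 0 = pre-release, so 7.8.8-rc1 < 7.8.8
    return (tuple(parts), 0 if suffix else 1, suffix)


def is_affected(installed: str) -> bool:
    """True when the installed Cornerstone version is below the fixed 7.8.8."""
    return version_key(installed) < version_key(FIXED_VERSION)


def header_version(plugin_file_text: str) -> Optional[str]:
    """Extract the Version: value from a WordPress plugin header, if present."""
    match = _VERSION_RE.search(plugin_file_text)
    return match.group(1) if match else None


def triage(plugin_file_text: str) -> dict:
    """Summarise one plugin header: detected version, affected flag, action."""
    version = header_version(plugin_file_text)
    affected = version is not None and is_affected(version)
    if version is None:
        action = "no plugin header found; check the install manually"
    elif affected:
        action = f"upgrade Cornerstone to {FIXED_VERSION} or later"
    else:
        action = "no action required for CVE-2026-54185"
    return {"version": version, "affected": affected, "action": action}


def triage_install(plugin_dir: Path = PLUGIN_DIR) -> dict:
    """Scan the top-level PHP files of a plugin directory for its header."""
    if not plugin_dir.is_dir():
        return {"version": None, "affected": False, "action": "plugin not installed"}
    for php_file in sorted(plugin_dir.glob("*.php")):
        result = triage(php_file.read_text(errors="replace"))
        if result["version"] is not None:
            return result
    return triage("")


# Constructed sample header for an offline run; not a real Cornerstone file.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Cornerstone
Version: 7.8.7
*/
"""

if __name__ == "__main__":
    print("sample header:", triage(SAMPLE_HEADER))
    print("on-disk check:", triage_install())
```

Run it on each WordPress host in the inventory (or feed it the header text collected by configuration management). For the second half of the recommended action, WP-CLI's `wp user list --role=subscriber` lists the Subscriber accounts whose activity is worth reviewing on any host the script flags as affected.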




CVE-2026-54185 vulnerability details – vuln.today
