Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Network-reachable WordPress endpoint (AV:N, AC:L) requires a Subscriber account (PR:L); SQLi reads cross-scope data (S:C, C:H) with no integrity change and minor availability impact from heavy queries.
Primary rating from Vendor (Patchstack).
CVSS Vector (Vendor: Patchstack)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
Description (CVE.org)
Subscriber-level SQL injection in Cornerstone versions < 7.8.8.
Analysis (AI)
SQL injection in the Cornerstone WordPress plugin (Themeco) versions prior to 7.8.8 allows authenticated users with Subscriber-level access to inject SQL into backend queries. Per the CVSS vector (PR:L, scope changed, C:H), a low-privileged WordPress account can read sensitive database contents - including credentials and PII - across security boundaries, with limited availability impact and no integrity impact. …
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata
Vulnerability Assessment (AI)

| Aspect | Assessment |
|---|---|
| Exploitation | Requires (1) a Cornerstone installation at any version below 7.8.8 active on the target WordPress site, and (2) an authenticated session at WordPress Subscriber role or higher, obtainable on any site that permits user registration (wp-login.php?action=register) or where the attacker already holds any account. … |
| Risk Assessment | The CVSS 3.1 base score of 8.5 (High) reflects network attack vector, low complexity, low privileges, no user interaction, and a scope change yielding High confidentiality impact, consistent with a Subscriber being able to read data beyond the plugin's intended trust boundary (e.g., wp_users password hashes, secret keys, other tenants' data). … |
| Exploit Scenario | An attacker registers a free Subscriber account on a WordPress site running a vulnerable Cornerstone version (or uses any existing low-privilege account), then sends a crafted request to a Cornerstone AJAX/REST endpoint with a malicious SQL payload in a parameter that is concatenated into a backend query. The injected query extracts the wp_users table (including password hashes) and wp_options secret keys, which the attacker then cracks or replays to escalate to an administrator account. … |
| Remediation | Vendor-released patch: upgrade Cornerstone to version 7.8.8 or later via the Themeco/WordPress plugin updater, which is the only complete fix; see the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/cornerstone/vulnerability/wordpress-cornerstone-plugin-7-8-8-sql-injection-vulnerability for details. … |
Recommended Action (AI)
Within 24 hours: enumerate all WordPress installations running the Cornerstone plugin and identify all active Subscriber-level accounts on affected systems. …
Weakness: CWE-89 – SQL Injection
EUVD identifier: EUVD-2026-37630