Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Remote subscriber-authenticated SQLi gives PR:L and AC:L with high confidentiality read; I assess scope unchanged and no integrity/availability impact, unlike the source's S:C/A:L.
Primary rating from Vendor (patchstack).
CVSS VectorVendor: patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
AnalysisAI
SQL injection in the Tourfic WordPress plugin (versions 2.22.5 and earlier) lets authenticated subscriber-level users inject arbitrary SQL through a vulnerable parameter, exposing the WordPress database. Because only a low-privilege account is required and registration is often open on WordPress sites, an attacker can read sensitive data such as user records and credential hashes. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated WordPress account at subscriber level or higher (CVSS PR:L), so it is not anonymous - the attacker must be able to register or already possess a low-privilege account. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L, base 8.5 High) describes remote, low-complexity exploitation needing only low privileges and no user interaction, with high confidentiality impact and a scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers a free subscriber account (or uses an existing one) on a WordPress site running Tourfic 2.22.5 or earlier, then sends a crafted request to the vulnerable plugin endpoint with malicious SQL in a parameter. Because the network attack vector and low complexity require no user interaction, automated tooling such as sqlmap could enumerate and dump the database, exfiltrating user emails and password hashes. … |
| Remediation | Upgrade Tourfic to the first release after 2.22.5 (the next maintenance version that addresses this issue per the Patchstack advisory); the input does not specify an exact fixed version, so confirm the patched version directly from the vendor before deploying - Patch available per vendor advisory at https://patchstack.com/database/wordpress/plugin/tourfic/vulnerability/wordpress-tourfic-plugin-2-22-5-sql-injection-vulnerability?_s_id=cve. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all WordPress installations running Tourfic versions 2.22.5 or earlier; restrict open subscriber registration if operationally feasible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39718
GHSA-89jf-r85v-p58j