Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Unauthenticated network request reaches the vulnerable parameter (AV:N/AC:L/PR:N/UI:N); blind SQLi enables data read (C:H) but no writes or downtime (I:N/A:N).
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
AnalysisAI
SQL injection in the Tainacan WordPress plugin (versions ≤ 1.0.3) lets unauthenticated attackers exfiltrate database contents through the 'geoquery' parameter, which is concatenated into a SQL query without proper escaping or prepared-statement binding. Because the injection is time-based blind, attackers infer data character-by-character from response delays rather than direct output. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the Tainacan plugin (≤ 1.0.3) is installed and its geospatial query endpoint accepting the 'geoquery' parameter is reachable over the network; no authentication, no user interaction, and no non-default configuration are needed per CVSS AV:N/AC:L/PR:N/UI:N and the description's 'unauthenticated attackers.' The specific prerequisite is that a request reaches the code path handling the 'geoquery' geospatial filter, so exploitation is limited only by whether that filter/endpoint is exposed to the attacker; sites that block or remove the geospatial query feature are not exploitable. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, base 7.5 High) indicates a network-reachable, low-complexity, unauthenticated attack with high confidentiality impact and no integrity or availability impact - consistent with read-only data exfiltration via blind SQLi. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker sends crafted HTTP requests to a Tainacan-powered WordPress site, injecting conditional time-delay SQL through the 'geoquery' parameter and measuring response latency to extract data such as admin password hashes and secret keys character-by-character. Given AV:N and AC:L, this requires only network access and no credentials or user interaction, making it fully automatable with standard tools like sqlmap. … |
| Remediation | Upstream fix available (commit 579d28d7752b27ed3407f5197abb6349b3efc3c9); a released patched version is not independently confirmed from the provided data, so upgrade to the first Tainacan release published after commit 579d28d (verify the version tag against the Tainacan GitHub repository and the Wordfence advisory before deploying). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: disable Tainacan plugin or confirm installed version exceeds 1.0.3; search web server access logs for 'geoquery' parameter requests; inventory all WordPress instances using this plugin. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tainacan.Org Taina
The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the
The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg withou
The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42215
GHSA-cqgm-j57m-cj34