Skip to main content

Tainacan EUVDEUVD-2026-42215

| CVE-2026-6230 HIGH
SQL Injection (CWE-89)
2026-07-08 Wordfence GHSA-cqgm-j57m-cj34
7.5
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
7.5 HIGH

Unauthenticated network request reaches the vulnerable parameter (AV:N/AC:L/PR:N/UI:N); blind SQLi enables data read (C:H) but no writes or downtime (I:N/A:N).

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 08, 2026 - 12:38 vuln.today
CVE Published
Jul 08, 2026 - 11:30 nvd
HIGH 7.5

DescriptionCVE.org

The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

AnalysisAI

SQL injection in the Tainacan WordPress plugin (versions ≤ 1.0.3) lets unauthenticated attackers exfiltrate database contents through the 'geoquery' parameter, which is concatenated into a SQL query without proper escaping or prepared-statement binding. Because the injection is time-based blind, attackers infer data character-by-character from response delays rather than direct output. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Tainacan geoquery endpoint unauthenticated
Delivery
Inject time-delay SQL via 'geoquery'
Exploit
Trigger conditional SLEEP in query
Execution
Measure response latency per guess
Impact
Extract hashes and secrets from database

Vulnerability AssessmentAI

Exploitation Exploitation requires that the Tainacan plugin (≤ 1.0.3) is installed and its geospatial query endpoint accepting the 'geoquery' parameter is reachable over the network; no authentication, no user interaction, and no non-default configuration are needed per CVSS AV:N/AC:L/PR:N/UI:N and the description's 'unauthenticated attackers.' The specific prerequisite is that a request reaches the code path handling the 'geoquery' geospatial filter, so exploitation is limited only by whether that filter/endpoint is exposed to the attacker; sites that block or remove the geospatial query feature are not exploitable. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, base 7.5 High) indicates a network-reachable, low-complexity, unauthenticated attack with high confidentiality impact and no integrity or availability impact - consistent with read-only data exfiltration via blind SQLi. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker sends crafted HTTP requests to a Tainacan-powered WordPress site, injecting conditional time-delay SQL through the 'geoquery' parameter and measuring response latency to extract data such as admin password hashes and secret keys character-by-character. Given AV:N and AC:L, this requires only network access and no credentials or user interaction, making it fully automatable with standard tools like sqlmap. …
Remediation Upstream fix available (commit 579d28d7752b27ed3407f5197abb6349b3efc3c9); a released patched version is not independently confirmed from the provided data, so upgrade to the first Tainacan release published after commit 579d28d (verify the version tag against the Tainacan GitHub repository and the Wordfence advisory before deploying). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: disable Tainacan plugin or confirm installed version exceeds 1.0.3; search web server access logs for 'geoquery' parameter requests; inventory all WordPress instances using this plugin. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42215 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy