Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Administrator credentials required to reach the vulnerable GSC list table; read-only blind injection yields no integrity or availability impact.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The SEO Booster plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Although esc_sql() and sanitize_text_field() are applied, neither neutralizes SQL keywords, commas, parentheses, or subquery syntax in an unquoted ORDER BY context, leaving the clause fully attacker-controlled.
AnalysisAI
Time-based SQL injection in the SEO Booster WordPress plugin (versions up to and including 7.3.1) allows authenticated administrators to extract sensitive database contents by manipulating the unquoted 'orderby' parameter in the Google Search Console list table component. The root cause is that developer-applied sanitization functions esc_sql() and sanitize_text_field() fail to neutralize SQL keywords, subquery syntax, commas, or parentheses when used in an ORDER BY clause context, leaving the clause fully attacker-controlled. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid WordPress account with administrator-level role or higher - confirmed by CVSS PR:H. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.9 score with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N accurately captures the threat profile: network-accessible exploitation with low complexity, but constrained to accounts with WordPress administrator-level privileges. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained WordPress administrator credentials - through phishing, credential stuffing, or a separate vulnerability - authenticates to the admin panel and navigates to the SEO Booster Google Search Console list table view. By injecting a time-based payload such as a conditional SLEEP() expression into the 'orderby' parameter, they observe measurable response delays that allow them to infer database content one character at a time, ultimately extracting WordPress user credentials, API keys, or other sensitive data stored in the database. … |
| Remediation | A patch changeset is available in the WordPress plugin repository at https://plugins.trac.wordpress.org/changeset?reponame=&old=3606177%40seo-booster&new=3606177%40seo-booster - site operators should update the SEO Booster plugin to the first released version incorporating this changeset; a specific fixed release version number is not independently confirmed from the provided data and should be verified in the WordPress plugin changelog before upgrading. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Seo Booster
View allThe SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_a
SQL Injection in the SEO Booster WordPress plugin (versions up to and including 7.3.1) enables authenticated administrat
Cross-Site Request Forgery (CSRF) vulnerability in cleverplugins.Com SEO Booster.8.9. Rated medium severity (CVSS 4.3),
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44864
GHSA-5cpx-56hx-wvjh