Skip to main content

SEO Booster EUVDEUVD-2026-44867

| CVE-2026-15458 MEDIUM
SQL Injection (CWE-89)
2026-07-16 Wordfence GHSA-hh4v-5fxf-qpv6
4.9
CVSS 3.1 · NVD
Share

Severity by source

Vendor (Wordfence) PRIMARY
MEDIUM
qualitative
NVD
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
4.9 MEDIUM

Administrator authentication requirement (PR:H) is confirmed by description; read-only SQL extraction yields C:H only with no integrity or availability impact.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 04:47 vuln.today
CVE Published
Jul 16, 2026 - 03:44 cve.org
MEDIUM 4.9

DescriptionNVD

The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sort_field' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

AnalysisAI

SQL Injection in the SEO Booster WordPress plugin (versions up to and including 7.3.1) enables authenticated administrators to append arbitrary SQL to existing queries via the unsanitized 'sort_field' parameter, exposing sensitive database contents. The vulnerability resides in seo-booster.php (lines 389, 404, 406) where user-supplied sort input is neither escaped nor parameterized before being incorporated into SQL execution. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain WordPress admin credentials
Delivery
Authenticate to WordPress admin panel
Exploit
Craft malicious 'sort_field' parameter value
Execution
Submit request to SEO Booster admin endpoint
Persist
SQL payload appended to existing query
Impact
Extract sensitive database records

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session with WordPress administrator-level access (or higher, such as a Super Admin in multisite). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 4.9 (Medium) accurately reflects a constrained threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or holds WordPress administrator credentials on a site running SEO Booster 7.3.1 or earlier crafts an HTTP request to the affected admin endpoint, supplying a malicious value for the 'sort_field' parameter (e.g., a UNION-based or Boolean-based injection payload). The unsanitized value is passed directly into the SQL ORDER BY clause, allowing the attacker to enumerate database tables and extract sensitive data such as WordPress user hashes, secret keys, or plugin configuration data. …
Remediation Update the SEO Booster plugin to a version beyond 7.3.1; a fix has been committed to the WordPress plugin repository as changeset 3606177 (https://plugins.trac.wordpress.org/changeset?reponame=&old=3606177%40seo-booster&new=3606177%40seo-booster), though an exact patched release version is not independently confirmed in the available data - verify via the WordPress plugin dashboard that you are running the latest available release. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44867 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy