CVE-2025-26590
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-26590 is an SQL Injection vulnerability in the WordPress plugin 'Complete Google Seo Scan' up to version 3.5.1. It allows a malicious user with administrator privileges to manipulate SQL commands, potentially interacting directly with the website's database to steal or alter data. This vulnerability falls under the OWASP Top 10 category A3: Injection and has a moderate severity score of 7.6. [1]
How can this vulnerability impact me? :
If exploited by an attacker with administrator access, this vulnerability can lead to unauthorized data theft or manipulation within your website's database. Although exploitation requires high privileges and is considered unlikely, a successful attack could compromise data integrity and confidentiality. There is currently no official patch, but virtual patching is available as a mitigation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability is challenging because it requires administrator-level access to exploit and plugin-based malware scanners may be unreliable. There are no specific commands provided for detection. Professional incident response services are recommended if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which auto-mitigates the vulnerability even without an official fix. Additionally, restrict administrator-level access and monitor for suspicious activity. Seek professional incident response services if compromise is suspected. [1]