CVE-2026-32458

Received Received - Intake

Blind SQL Injection in RealMag777 WOLF Bulk-Editor

Publication date: 2026-03-13

Last updated on: 2026-03-13

Assigner: Patchstack

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-13

Last Modified

2026-03-13

Generated

2026-06-16

AI Q&A

2026-03-13

EPSS Evaluated

2026-06-15

NVD

CVE-2026-32458

EUVD

EUVD-2026-12015

Affected Vendors & Products

Vendor	Product	Version / Range
realmag777	wolf_bulk-editor	From 1.0.0 (inc) to 1.0.8.7 (inc)
realmag777	wolf_bulk-editor	1.0.9
realmag777	wolf	to 1.0.8.7 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-32458 is a SQL Injection vulnerability in the WordPress WOLF Plugin versions up to and including 1.0.8.7. It allows a malicious actor to interact directly with the plugin's database by exploiting improper neutralization of special elements in SQL commands, specifically a Blind SQL Injection."}, {'type': 'paragraph', 'content': 'This means that an attacker with at least Editor or Developer privileges can manipulate database queries, potentially leading to unauthorized data access or manipulation.'}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "The vulnerability can allow attackers to steal or manipulate data within the plugin's database. This could compromise the integrity and confidentiality of your data."}, {'type': 'paragraph', 'content': 'However, exploitation requires elevated privileges (Editor or Developer), and the vulnerability is considered to have a moderate risk with low severity impact and is unlikely to be widely exploited.'}, {'type': 'paragraph', 'content': 'Users are advised to update to version 1.0.9 or later of the WOLF Plugin to mitigate this risk.'}] [1]

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate the SQL Injection vulnerability in the WordPress WOLF Plugin (versions up to 1.0.8.7), you should update the plugin to version 1.0.9 or later, where the issue is patched.'}, {'type': 'paragraph', 'content': "Additionally, using mitigation services such as Patchstack's auto-updates can provide rapid protection by automatically updating vulnerable plugins."}] [1]

Hi! I’m here to help you understand CVE-2026-32458. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-32458

Blind SQL Injection in RealMag777 WOLF Bulk-Editor

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart