CVE-2026-54808
Deferred Deferred - Pending Action
Blind SQL Injection in WP Travel Gutenberg Blocks

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2026-54808
EUVD
EUVD-2026-37713
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
wp_travel wp_travel_gutenberg_blocks to 3.9.4 (inc)
wp_travel wp_travel_gutenberg_blocks From 3.0.0 (inc) to 3.9.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-54808 is a high-priority SQL Injection vulnerability found in the WordPress WP Travel Gutenberg Blocks Plugin versions 3.9.4 and below.

This vulnerability allows unauthenticated attackers to inject malicious SQL commands into the website's database queries, which can lead to unauthorized access or manipulation of sensitive data.

It is classified under OWASP Top 10 A3: Injection and is considered severe with a CVSS score of 9.3.

Impact Analysis

This vulnerability can allow attackers to interact directly with your website's database without authentication.

Potential impacts include theft of sensitive information and unauthorized data access.

Because it is a blind SQL injection, attackers may exploit it in mass campaigns, increasing the risk of widespread compromise.

Additionally, the vulnerability can cause partial denial of service by affecting database availability.

Mitigation Strategies

To mitigate this vulnerability, users are advised to update the WP Travel Gutenberg Blocks Plugin to version 3.9.5 or later, which contains the patch for this SQL Injection flaw.

If immediate updating is not possible, applying the mitigation rule provided by Patchstack to block attacks is recommended until the update can be completed.

Compliance Impact

This SQL Injection vulnerability allows unauthenticated attackers to interact directly with the website's database, potentially stealing sensitive information.

Such unauthorized access and potential data theft can lead to violations of data protection regulations like GDPR and HIPAA, which mandate the protection of sensitive personal and health information.

Failure to secure against this vulnerability could result in non-compliance with these standards due to the risk of data breaches and exposure of confidential data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54808. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart