CVE-2026-57787
Received Received - Intake

Blind SQL Injection in CWS SVGicons

Vulnerability report for CVE-2026-57787, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: from n/a through <= 1.5.5.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
creativews cws_svgicons From 1.0.0 (inc) to 1.5.5 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an SQL Injection flaw found in the WordPress CWS SVGicons Plugin, versions 1.5.5 and below. It allows attackers with contributor-level privileges to inject malicious SQL commands into the website's database queries without proper neutralization of special elements.

Specifically, it is a Blind SQL Injection vulnerability, meaning attackers can infer information from the database even though they do not see the direct output of their injected queries.

Impact Analysis

This vulnerability can have a high impact because it allows attackers to interact directly with the website's database, potentially leading to unauthorized data access or manipulation.

Although the severity is considered low priority by Patchstack, the CVSS score of 8.5 indicates a high risk of exploitation, especially in mass-exploit campaigns.

The impact includes possible data leakage, data corruption, or denial of service, which can disrupt website functionality and compromise sensitive information.

Mitigation Strategies

Immediate action is recommended to mitigate this vulnerability since there is no official patch available yet.

  • Update the CWS SVGicons plugin to a version higher than 1.5.5 if such an update becomes available.
  • Seek assistance from your hosting provider or a web developer to implement temporary mitigations or workarounds.

Because the vulnerability requires contributor-level privileges to exploit, reviewing and restricting user permissions may also help reduce risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57787. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart