Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows SQL Injection. This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5.
Published: 2025-03-31
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Behance Portfolio Manager plugin for WordPress contains a flaw that stems from improper neutralization of special elements used in an SQL command. This allows an attacker to embed malicious SQL into user-controllable input, leading to the execution of arbitrary queries against the website’s database. The vulnerability is classified as CWE‑89 and can be used to read, modify, or delete data stored in the database, thereby compromising the confidentiality, integrity, or availability of the WordPress installation.

Affected Systems

WordPress sites that have installed the Eleopard Behance Portfolio Manager plugin in any version through 1.7.5 are affected. Versions 1.7.6 and later are believed to have the issue addressed, and are not included in the scope of this vulnerability.

Risk and Exploitability

The CVSS score of 8.5 marks this as a high severity issue, while the EPSS score of less than 1% indicates a very low estimated probability of exploitation, although exploitation remains possible. The flaw originates from unsanitized input being included directly in database queries; therefore any endpoint that accepts user input and builds an SQL statement is a potential attack vector. Because the impact is on the database, a successful attacker could achieve data disclosure, data modification, or full site compromise.

Generated by OpenCVE AI on May 2, 2026 at 08:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Behance Portfolio Manager plugin to the latest released version (1.7.6 or newer) via the WordPress plugin repository or the vendor’s site and install it through the WordPress admin interface.
  • If an upgrade cannot be performed immediately, permanently disable or delete the Behance Portfolio Manager plugin to remove the vulnerable code from the site.
  • After remediation, review the database for any unauthorized changes, review WordPress logs for suspicious activity, and consider a comprehensive audit of other plugins that may use similar database access patterns to ensure no additional vulnerabilities exist.

Advisories
Source: EUVD
ID: EUVD-2025-8832
Title: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager allows SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager allows SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.
  Values Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows SQL Injection. This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5.
Title
  Values Removed: WordPress Behance Portfolio Manager plugin <= 1.7.4 - SQL Injection vulnerability
  Values Added: WordPress Behance Portfolio Manager plugin <= 1.7.5 - SQL Injection vulnerability
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


Mon, 31 Mar 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 31 Mar 2025 13:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager allows SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.
Title WordPress Behance Portfolio Manager plugin <= 1.7.4 - SQL Injection vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:08.351Z

Reserved: 2025-03-31T10:05:11.644Z

Link: CVE-2025-31526

Vulnrichment

Updated: 2025-03-31T16:05:47.559Z

NVD

Status: Deferred

Published: 2025-03-31T13:15:46.497

Modified: 2026-04-23T15:27:54.107

Link: CVE-2025-31526

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T08:45:38Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')