Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection. This issue affects Medinik Core: from n/a through <= 1.3.6.
Published: 2026-02-20
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Data Breach
Action: Immediate Patch
AI Analysis

Impact

This SQL injection flaw in the Medinik Core plugin allows blind injection of special elements into SQL commands. The description suggests that injected commands may be used to retrieve, modify, or delete database content, although it does not explicitly state that these actions are possible. The likely attack would involve extracting or altering data. The weakness maps to CWE-89 and represents a serious risk to confidentiality, integrity, and availability.

Affected Systems

The vulnerability affects the TeconceTheme Medinik Core plugin for WordPress, impacting all releases from the earliest version through version 1.3.6 inclusive.

Risk and Exploitability

The CVSS score of 9.3 indicates a very high severity. The EPSS score is below 1%, suggesting that the likelihood of exploitation is currently low, and the flaw is not listed in the CISA KEV catalog. Nevertheless, because the plugin is publicly exposed on WordPress sites, a remote attacker could potentially exploit the blind SQL injection; based on the description it is inferred that this could enable the extraction or alteration of data.

Generated by OpenCVE AI on April 28, 2026 at 09:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Medinik Core to the latest release (>=1.3.7)
  • Temporarily disable the Medinik Core plugin until a patch is applied
  • Ensure the database user privileges are set to the minimum required for WordPress operations



Advisories

No advisories yet.

History

Wed, 25 Feb 2026 08:15:00 +0000

| Type | Values Removed | Values Added |
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 24 Feb 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
| Metrics | | cvssV3_1 {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'} |


Mon, 23 Feb 2026 15:00:00 +0000

| Type | Values Removed | Values Added |
| First Time appeared | | Teconcetheme; Teconcetheme medinik Core; Wordpress; Wordpress wordpress |
| Vendors & Products | | Teconcetheme; Teconcetheme medinik Core; Wordpress; Wordpress wordpress |

Fri, 20 Feb 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
| Description | | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection. This issue affects Medinik Core: from n/a through <= 1.3.6. |
| Title | | WordPress Medinik Core plugin <= 1.3.6 - SQL Injection vulnerability |
| Weaknesses | | CWE-89 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T20:47:22.608Z

Reserved: 2025-12-31T20:12:02.742Z

Link: CVE-2025-69307

Vulnrichment

Updated: 2026-02-24T19:28:25.459Z

NVD

Status: Deferred

Published: 2026-02-20T16:22:18.877

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-69307

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T09:45:28Z

Weaknesses