Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Organici Library: from n/a through <= 2.1.2.
Published: 2026-03-25
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection – potential database compromise
Action: Immediate Patch
AI Analysis

Impact

NooTheme Organici Library version 2.1.2 includes an unsanitized database query that permits blind SQL injection, a flaw recognized as CWE-89. An attacker who can send crafted requests to the plugin may read or modify database contents, leading to confidentiality and integrity violations and possible data exfiltration.

Affected Systems

The vulnerability affects the NooTheme Organici Library plugin for WordPress, specifically all releases through 2.1.2. Users running this or earlier versions are potentially exposed.

Risk and Exploitability

The CVSS score of 8.5 signals a high severity vulnerability. Although the EPSS score is below 1%—suggesting a low likelihood of widespread exploitation—the impact is significant if an exploit is discovered. Because the plugin is web‑accessible, the likely attack vector is remote, though it may require administrative or privileged access depending on the deployed configuration. The vulnerability is not currently listed in the CISA KEV catalog.

Generated by OpenCVE AI on March 26, 2026 at 20:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Noo-organici-library to a version newer than 2.1.2 if available. If an upgrade is not immediately possible, disable or uninstall the plugin until a patched version is released. Concurrently employ a web application firewall to filter out suspicious input patterns that could trigger SQL injection attempts. Monitor database logs for anomalous queries and review site activity for signs of exploitation.

Generated by OpenCVE AI on March 26, 2026 at 20:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Nootheme
Nootheme organici Library
Wordpress
Wordpress wordpress
Vendors & Products Nootheme
Nootheme organici Library
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Organici Library: from n/a through <= 2.1.2.
Title WordPress Organici Library plugin <= 2.1.2 - SQL Injection vulnerability
Weaknesses CWE-89
References

Subscriptions

Nootheme Organici Library
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-23T14:14:07.650Z

Reserved: 2026-01-28T09:50:46.305Z

Link: CVE-2026-24977

cve-icon Vulnrichment

Updated: 2026-03-26T19:08:36.615Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T17:16:40.030

Modified: 2026-03-30T13:27:12.923

Link: CVE-2026-24977

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:46:18Z

Weaknesses