Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4.
Published: 2026-03-13
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection (Blind)
Action: Apply Patch
AI Analysis

Impact

This vulnerability is an instance of improper neutralization of special elements used in an SQL command (CWE-89). The Meow Gallery plugin allows blind SQL injection through its input handling, as described in the vendor statement. No explicit description of data read/write or other functions is provided in the CVE data.

Affected Systems

All releases of the Jordy Meow Meow Gallery plugin up to and including version 5.4.4 are affected; no further version granularity is supplied.

Risk and Exploitability

The CVSS v3.1 score of 7.6 indicates high severity, while the EPSS score of less than 1% suggests low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves sending crafted input to the plugin’s HTTP endpoints; this inference is based on common web‑application injection patterns and is not directly confirmed in the source data. No public exploit code is known at the time of this analysis.

Generated by OpenCVE AI on March 19, 2026 at 15:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Meow Gallery to version 5.4.5 or later to remove the vulnerability.
  • If an upgrade is not immediately possible, deactivate the plugin or restrict its access so that unauthorised users cannot interact with it.
  • Deploy a web application firewall or input validation rules to detect and block suspicious SQL injection payloads aimed at the plugin.
  • Monitor database logs and WordPress admin activity for signs of unauthorized queries or abnormal behavior.

Generated by OpenCVE AI on March 19, 2026 at 15:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Jordy Meow
Jordy Meow meow Gallery
Wordpress
Wordpress wordpress
Vendors & Products Jordy Meow
Jordy Meow meow Gallery
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4.
Title WordPress Meow Gallery plugin <= 5.4.4 - SQL Injection vulnerability
Weaknesses CWE-89
References

Subscriptions

Jordy Meow Meow Gallery
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:13.404Z

Reserved: 2026-03-12T11:11:26.570Z

Link: CVE-2026-32418

cve-icon Vulnrichment

Updated: 2026-03-13T18:13:39.885Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:59.307

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32418

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:03:45Z

Weaknesses