Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection. This issue affects WOLF: from n/a through <= 1.0.8.7.
Published: 2026-03-13
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Apply Patch
AI Analysis

Impact

Improper neutralization of special elements in SQL commands within the RealMag777 WOLF bulk‑editor plugin results in blind SQL injection. An attacker who can reach the plugin’s interface can inject crafted SQL statements that are executed against the underlying database. This can expose sensitive data, modify records or compromise the entire application, representing a significant confidentiality, integrity and availability risk.

Affected Systems

The vulnerability affects the RealMag777 WOLF plugin for WordPress in all versions up to and including 1.0.8.7. No specific sub‑versions are excluded; the issue is present from the earliest available release through 1.0.8.7.

Risk and Exploitability

The CVSS v3 base score of 7.6 indicates high severity, while the EPSS score of less than 1% suggests a low likelihood of current exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, via the plugin’s bulk‑editor endpoint, and requires the attacker to be able to send HTTP requests that include the injection payload.

Generated by OpenCVE AI on March 19, 2026 at 15:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the RealMag777 WOLF plugin to a version newer than 1.0.8.7.
  • If an update is not available, limit access to the bulk‑editor interface to trusted users only.
  • Ensure that all database queries in the plugin use parameterized statements or proper input sanitization.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Realmag777; Realmag777 wolf; Wordpress; Wordpress wordpress
Vendors & Products | | Realmag777; Realmag777 wolf; Wordpress; Wordpress wordpress

Fri, 13 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
Description | | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection. This issue affects WOLF: from n/a through <= 1.0.8.7.
Title | | WordPress WOLF plugin <= 1.0.8.7 - SQL Injection vulnerability
Weaknesses | | CWE-89
References | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:21.716Z

Reserved: 2026-03-12T11:11:45.408Z

Link: CVE-2026-32458

Vulnrichment

Updated: 2026-03-13T14:07:45.764Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:55:08.040

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32458

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T12:03:07Z
