Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection. This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.8.
Published: 2026-05-27
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Active Products Tables for WooCommerce plugin fails to neutralize special characters used in database queries, allowing an attacker to inject arbitrary SQL commands. The flaw permits a blind SQL injection attack that can reveal confidential data or modify the site’s content and transaction records. The weakness is identified as CWE‑89.

Affected Systems

Organizations running the RealMag777 Active Products Tables for WooCommerce plugin (profit‑products‑tables‑for‑woocommerce) on any version up to and including 1.0.8 are affected. The issue does not apply to versions beyond 1.0.8, though the checker shows no information for newer releases.

Risk and Exploitability

The CVSS score of 9.3 signifies critical severity, indicating wide potential impact on confidentiality, integrity, and availability. EPSS data are not available, and the vulnerability is not listed in the CISA KEV catalog, so the current public evidence of exploitation is unclear. Attackers can exploit the flaw through the web interface exposed by the plugin, sending crafted inputs to the database. While the injection is blind, repeated requests can infer data structures or values, and once confirmed, the attacker can pivot to further attacks within the WordPress environment.

Generated by OpenCVE AI on May 27, 2026 at 11:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Remove or deactivate the plugin to eliminate the attack vector.
  • Apply a web application firewall that blocks or filters SQL meta‑characters such as quotes, semicolons, or comment markers.
  • Restrict access to the plugin’s management interface to trusted users only, and monitor logs for suspicious query patterns.
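
To find the installs that fall in the affected range before removing or deactivating the plugin, the following added example (not OpenCVE's or the vendor's code) scans a directory tree for the plugin slug and reads the Version header from the plugin's main file. The root path argument, the status labels and the sample tree built by demo() are assumptions of this example.

```python
import re, sys, tempfile
from pathlib import Path

SLUG = "profit-products-tables-for-woocommerce"  # plugin slug named in the advisory
LAST_AFFECTED = "1.0.8"                          # advisory range: through <= 1.0.8
# WordPress reads "Version:" from the header comment at the top of the main plugin file.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.M | re.I)

def version_tuple(v):
    """'1.0.8' -> (1, 0, 8); suffixes like '-beta' and trailing zeros are dropped."""
    nums = [int(m.group()) if (m := re.match(r"\d+", p)) else 0 for p in v.split(".")]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def plugin_version(plugin_dir):
    """Return the Version header of the plugin's main file, or None if not found."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if re.search(r"Plugin Name:", head, re.I):
            m = VERSION_RE.search(head)
            return m.group(1) if m else None
    return None

def find_installs(root):
    """List (relative path, version, status) for each copy of the plugin under root."""
    found = []
    for d in sorted(Path(root).rglob(SLUG)):
        if not d.is_dir():
            continue
        ver = plugin_version(d)
        if ver is None:
            status = "unknown version"
        elif version_tuple(ver) <= version_tuple(LAST_AFFECTED):
            status = "affected"
        else:
            status = "outside advisory range"
        found.append((d.relative_to(root).as_posix(), ver, status))
    return found

def demo():
    """Run the scan over a constructed directory tree (sample data, not a real site)."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in (("shop-a", "1.0.8"), ("shop-b", "1.0.9")):
            d = Path(tmp, site, "wp-content", "plugins", SLUG)
            d.mkdir(parents=True)
            (d / "main.php").write_text(f"<?php\n/*\n Plugin Name: Sample\n Version: {ver}\n*/\n")
        return find_installs(tmp)

if __name__ == "__main__":
    for row in (find_installs(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(*row, sep="\t")
```

Run it with the web root (or a directory holding several sites) as the only argument; a copy reported as "unknown version" has no readable header and should be inspected by hand.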


Advisories

No advisories yet.

History

Wed, 27 May 2026 11:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Realmag777; Realmag777 active Products Tables For Woocommerce; Wordpress; Wordpress wordpress |
| Vendors & Products | | Realmag777; Realmag777 active Products Tables For Woocommerce; Wordpress; Wordpress wordpress |

Wed, 27 May 2026 11:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 27 May 2026 10:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection. This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.8. |
| Title | | WordPress Active Products Tables for WooCommerce plugin <= 1.0.8 - SQL Injection vulnerability |
| Weaknesses | | CWE-89 |
| References | | |
| Metrics | | cvssV3_1: {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'} |


Subscriptions

Realmag777 Active Products Tables For Woocommerce
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-27T10:54:04.749Z

Reserved: 2026-04-29T09:05:20.867Z

Link: CVE-2026-42727

Vulnrichment

Updated: 2026-05-27T10:53:59.130Z

NVD

Status: Received

Published: 2026-05-27T11:16:19.060

Modified: 2026-05-27T11:16:19.060

Link: CVE-2026-42727

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T12:00:32Z

Weaknesses