Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection.

This issue affects SureDash: from n/a through 1.8.0.
Published: 2026-06-17
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of special elements in an SQL command (CWE-89), which enables blind SQL injection in the Brainstorm Force SureDash WordPress plugin. An attacker can supply crafted input that alters SQL queries executed by the plugin, potentially allowing the attacker to infer data from the database, such as user credentials, configuration settings, or other sensitive information. Because the injection is blind, the attacker relies on response timing or error-based clues, but still can gain substantial knowledge without receiving direct query results.

Affected Systems

Affected systems include the Brainstorm Force SureDash plugin for WordPress, with all releases up to and including version 1.8.0. The exact initial release is not specified. No other vendors or products are listed.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity. EPSS is not available, and the vulnerability is not listed in CISA's KEV catalog, meaning no known widespread exploitation yet, but the high score suggests significant risk. The attack vector is likely through HTTP requests to the plugin's exposed endpoints, requiring access to a WordPress site that has the plugin installed. No authentication requirement is stated, so the exploit may be possible from unauthenticated guests or staff users.

Generated by OpenCVE AI on June 18, 2026 at 11:40 UTC.

Remediation

Vendor Solution

Update the WordPress SureDash Plugin to the latest available version (at least 1.8.1).


OpenCVE Recommended Actions

  • Apply the official plugin update to version 1.8.1 or newer.
  • If immediate updating is not possible, temporarily deactivate the SureDash plugin or restrict its access to the internal network until the update is applied.
  • Conduct a thorough audit of the WordPress database and access logs to detect any signs of unauthorized data extraction or suspicious activity.

Generated by OpenCVE AI on June 18, 2026 at 11:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Brainstorm Force
Brainstorm Force suredash
Wordpress
Wordpress wordpress
Vendors & Products Brainstorm Force
Brainstorm Force suredash
Wordpress
Wordpress wordpress

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0.
Title WordPress SureDash plugin <= 1.8.0 - SQL Injection vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


Subscriptions

Brainstorm Force Suredash
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T13:59:49.475Z

Reserved: 2026-06-16T09:21:46.612Z

Link: CVE-2026-54813

cve-icon Vulnrichment

Updated: 2026-06-17T13:59:44.815Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:41:13Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')