SQL Injection Vulnerability in WP Post Corrector by Vipul Jariwala
CVE-2023-26003

7.6HIGH

Key Information:

Vendor: WordPress
Status: WP Post Corrector
Vendor: CVE Published:; 6 June 2025

What is CVE-2023-26003?

The WP Post Corrector plugin, developed by Vipul Jariwala, contains an SQL Injection vulnerability that arises from improper neutralization of special elements in SQL commands. This flaw, which impacts versions up to 1.0.2, can be exploited by attackers to execute arbitrary SQL queries on the database. Such exploits can lead to unauthorized access to sensitive data, modification of database content, and potential takeovers of the affected WordPress site.

Affected Version(s)

WP Post Corrector <= 1.0.2

References

https://patchstack.com/database/wordpress/plugin/wp-post-...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Feb 17, 2023

Credit

Nguyen Ngoc Quang Bach (maysbachs) (Patchstack Alliance)