SQL Injection Vulnerability in Complete Google SEO Scan by Nir
CVE-2025-26590

7.6HIGH

Key Information:

Vendor: WordPress
Status: Complete Google Seo Scan
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-26590?

The Complete Google SEO Scan plugin by Nir has a vulnerability that permits SQL Injection attacks due to improper neutralization of special elements within SQL commands. This security flaw could allow attackers to execute arbitrary SQL queries, potentially compromising the integrity and confidentiality of the database. Affected versions span from n/a to 3.5.1. Website administrators using this plugin should take immediate action to mitigate the risk and secure their data.

Affected Version(s)

Complete Google Seo Scan <= 3.5.1

References

https://patchstack.com/database/wordpress/plugin/complete...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Feb 12, 2025

Credit

Nguyen Quang Minh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)

WordPress

What is CVE-2025-26590?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit