SQL Injection Vulnerability in Majestic Support Help Desk Plugin for WordPress
CVE-2026-13262
6.5MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 11 July 2026
What is CVE-2026-13262?
The Majestic Support Plugin for WordPress contains a SQL Injection vulnerability due to insufficient escaping of the 'val' parameter in all versions up to 1.1.9. This flaw allows unauthenticated attackers to manipulate SQL queries by injecting additional commands. By obtaining a valid 'get-smart-reply' nonce, which can be easily acquired by any Subscriber-level user through creating a ticket, malicious actors can leverage this vulnerability to extract sensitive information from the database, potentially compromising the integrity and confidentiality of user data.
Affected Version(s)
Majestic Support β The Leading-Edge Help Desk & Customer Support Plugin 0 <= 1.1.9