SQL Injection Vulnerability in SEO Booster Plugin for WordPress
CVE-2026-15458

4.9MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
16 July 2026

What is CVE-2026-15458?

The SEO Booster plugin for WordPress has a vulnerability that allows authenticated users with administrator privileges to execute arbitrary SQL queries through insufficiently sanitized input via the 'sort_field' parameter. This security flaw could lead to unauthorized data access and manipulation, exposing sensitive information stored in the database. The vulnerability affects all versions of the plugin up to and including 7.3.1, requiring urgent attention from users to mitigate potential risks.

Affected Version(s)

SEO Booster 0 <= 7.3.1

References

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PRISM
.