SQL Injection Vulnerability in myLinksDump Plugin for WordPress
CVE-2026-2279

7.2HIGH

Key Information:

Vendor: WordPress
Status: Mylinksdump
Vendor: CVE Published:; 21 March 2026

What is CVE-2026-2279?

The myLinksDump plugin for WordPress has a vulnerability that allows SQL injection through the 'sort_by' and 'sort_order' parameters. This flaw arises from inadequate input escaping and improper SQL query formation, permitting authenticated users with administrator credentials to inject malicious SQL code into existing queries. Such exploitation can result in unauthorized access to sensitive database information, posing a significant risk to the integrity and confidentiality of the site's data.

Affected Version(s)

myLinksDump 0 <= 1.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/mylinksdump/tr...

https://plugins.trac.wordpress.org/browser/mylinksdump/ta...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 21, 2026
Vulnerability Reserved
Feb 10, 2026

Credit

san6051

CVE-2026-2279 Data

JSON