Time-Based Blind SQL Injection in Tainacan Plugin for WordPress
CVE-2026-6230
7.5HIGH
What is CVE-2026-6230?
The Tainacan plugin for WordPress is susceptible to a time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3. This vulnerability arises from inadequate escaping of user-supplied input combined with insufficient preparation of the SQL query. Attackers, without needing authentication, can exploit this flaw to append malicious SQL statements, potentially extracting confidential data from the database.
Affected Version(s)
Tainacan 0 <= 1.0.3