What the vulnerability does
01Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links cwd-stealth-links allows SQL Injection.This issue affects CWD – Stealth Links: from n/a through <= 1.3.
Explanation of Vulnerability in Simple Terms
02Summary
CWD – Stealth Links versions 1.3 and earlier contain a SQL injection vulnerability in how the plugin processes user input. An attacker can craft malicious requests to extract sensitive data from the site's database, including user credentials and configuration details. The vulnerability requires no authentication and can be exploited remotely without user interaction.
What an attacker can do
03Attacker Capabilities
Extract sensitive data from the site database, including user credentials and site configuration.
Potential impact on your site
04Site Impact
Attackers can read your database contents, potentially exposing user passwords, email addresses, and private site data.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
April 17, 2025
CVE published
May 12, 2026
Record updated