What the vulnerability does
01 Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection. This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.03.
Explanation of Vulnerability in Simple Terms
02 Summary
A SQL injection vulnerability in SEO Plugin by Squirrly SEO versions 12.4.03 and earlier allows authenticated users with low privileges to execute arbitrary SQL queries. An attacker can read sensitive database information and disrupt site availability. The vulnerability requires a valid user account but no additional user interaction.
What an attacker can do
03 Attacker Capabilities
Read sensitive database records and cause partial site outages by injecting malicious SQL commands.
Potential impact on your site
04 Site Impact
Attackers with basic user accounts can steal database contents and degrade site performance without your knowledge.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege user account on the WordPress site (e.g., subscriber or contributor role).
Key dates
06 Disclosure timeline
March 27, 2025
CVE published
April 28, 2026
Record updated