What the vulnerability does
01 Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing directiq-wp allows SQL Injection. This issue affects DirectIQ Email Marketing: from n/a through <= 2.0.
Explanation of Vulnerability in Simple Terms
02 Summary
DirectIQ Email Marketing versions 2.0 and earlier contain a SQL injection vulnerability in database query handling. An attacker can craft malicious input to extract sensitive data from the database, including user credentials and email records. The vulnerability requires no authentication and can be exploited remotely. Scope is changed, meaning the impact may extend beyond the vulnerable component.
What an attacker can do
03 Attacker Capabilities
Extract sensitive data from the database, including user credentials and email records.
Potential impact on your site
04 Site Impact
An attacker can read user data, email lists, and potentially credentials stored in the database.
Conditions required to exploit
05 Prerequisites
Network access to the application; no authentication required.
Key dates
06 Disclosure timeline
June 27, 2025: CVE published
April 28, 2026: Record updated