CVE-2026-45211 HIGH

CVE-2026-45211: WordPress APIExperts Square for WooCommerce plugin <= 4.7.1 - SQL Injection vulnerability

Vendor Saad Iqbal

Product APIExperts Square for WooCommerce

Weakness CWE-89 · SQLi

Published May 12, 2026

Last update May 13, 2026

View on NVD All CVEs

CVSS base score

8.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

What the vulnerability does

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through <= 4.7.1.

Key dates

Disclosure timeline

May 12, 2026 CVE published

May 13, 2026 Record updated