CVE-2025-54726

CRITICAL EXPLOITED NUCLEI

Miguel Useche JS Archive List - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-54726 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including RandomRobbieBF. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a functional proof-of-concept for CVE-2025-54726, demonstrating an unauthenticated SQL injection vulnerability in the JS Archive List WordPress plugin (versions up to 6.1.5). The PoC uses Ghauri to exploit boolean-based and time-based blind SQL injection via the 'cats' parameter.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection.This issue affects JS Archive List: from n/a through < 6.1.6.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · infoleak
https://github.com/RandomRobbieBF/CVE-2025-54726

The repository contains a functional proof-of-concept for CVE-2025-54726, demonstrating an unauthenticated SQL injection vulnerability in the JS Archive List WordPress plugin (versions up to 6.1.5). The PoC uses Ghauri to exploit boolean-based and time-based blind SQL injection via the 'cats' parameter.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: JS Archive List WordPress plugin <= 6.1.5
No auth needed
Prerequisites: WordPress installation with vulnerable plugin · Network access to the target
devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

WordPress JS Archive List <= 6.1.5 - SQL Injection
HIGHVERIFIEDby Shivam Kamboj
FOFA: body="jquery-archive-list-widget"

References (2)

Core 2

Scores

CVSS v3 9.3
EPSS 0.0092
EPSS Percentile 76.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2026-03-31
CWE
CWE-89
Status published
Products (1)
Miguel Useche/JS Archive List < 6.1.6
Published Aug 20, 2025
Tracked Since Feb 18, 2026