CVE-2026-45211

HIGH

WordPress APIExperts Square for WooCommerce plugin <= 4.7.1 - SQL Injection vulnerability

Title source: cna

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through <= 4.7.1.

References (1)

Core 1

Core References

Vdb Entry vdb-entry

https://patchstack.com/database/Wordpress/Plugin/woosquare/vulnerability/wordpress-apiexperts-square-for-woocommerce-plugin-4-7-1-sql-injection-vulnerability?_s_id=cve

Scores

CVSS v3 8.5

EPSS 0.0022

EPSS Percentile 12.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

Saad Iqbal/APIExperts Square for WooCommerce < 4.7.1

Published May 12, 2026

Tracked Since May 12, 2026