{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4079", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2026-03-12T20:27:38.639Z", "datePublished": "2026-04-07T06:00:11.585Z", "dateUpdated": "2026-04-07T16:26:56.057Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-07T06:00:11.585Z"}, "title": "SQL Chart Builder < 2.3.8 - Unauthenticated SQL Injection", "problemTypes": [{"descriptions": [{"description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "SQL Chart Builder", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "2.3.8"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality."}], "references": [{"url": "https://wpscan.com/vulnerability/8ec92881-4ae5-458d-995b-f097f2bcc590/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "dangnosuy", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T16:26:40.710389Z", "id": "CVE-2026-4079", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T16:26:56.057Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4079", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T16:26:40.710389Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T16:26:52.809Z"}}], "cna": {"title": "SQL Chart Builder < 2.3.8 - Unauthenticated SQL Injection", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "dangnosuy"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "SQL Chart Builder", "versions": [{"status": "affected", "version": "0", "lessThan": "2.3.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/8ec92881-4ae5-458d-995b-f097f2bcc590/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-89 SQL Injection"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-07T06:00:11.585Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4079", "state": "PUBLISHED", "dateUpdated": "2026-04-07T16:26:56.057Z", "dateReserved": "2026-03-12T20:27:38.639Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2026-04-07T06:00:11.585Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:guaven:sql_chart_builder:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "38479966-A060-4B1F-8681-D6866D5B9C76", "versionEndExcluding": "2.3.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality."}], "id": "CVE-2026-4079", "lastModified": "2026-04-09T19:51:34.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-07T07:16:23.927", "references": [{"source": "contact@wpscan.com", "tags": ["Third Party Advisory", "Exploit"], "url": "https://wpscan.com/vulnerability/8ec92881-4ae5-458d-995b-f097f2bcc590/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.3.8)"}}], "enrichment": {"confidence": 70.0, "confidence_source": "inferred", "scores": [{"score": 70.0, "source": "inferred"}]}, "original": {"product": "SQL Chart Builder", "source": "cna", "vendor": "Unknown"}, "product": "sql_chart_builder", "vendor": "sql_chart_builder"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-07T23:25:37.994533+00:00", "value": {"mitigation_remediation": ["Update the SQL Chart Builder plugin to version 2.3.8 or later.", "If the plugin cannot be updated, remove or disable it from the WordPress installation.", "Verify that the update or removal has been applied by checking the plugin list in the WordPress dashboard."], "summary": {"action": "Immediate Patch", "impact": "SQL Injection"}, "threat_synthesis": {"affected_systems": "Any WordPress site running SQL Chart Builder plugin version earlier than 2.3.8 is affected. Administrators should check the plugin version for each installation and ensure the correct version is specified when deploying the plugin.", "description_and_impact": "The SQL Chart Builder WordPress plugin does not escape user input that is appended to SQL queries, allowing attackers to inject arbitrary SQL commands into the dynamic filter feature. An attacker who can access the filter endpoint can read, modify, or delete data within the database, potentially compromising the confidentiality and integrity of the site\u2019s content and, in some cases, elevating privileges or allowing further exploitation.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 6.5, indicating moderate severity, and an EPSS score of less than 1 percent, suggesting a low likelihood of widespread exploitation. It is not listed in the CISA KEV catalog. The attack vector is likely a network-based request to the plugin\u2019s filter endpoint, with no authentication required. Once successful, the attacker can execute arbitrary SQL statements against the site\u2019s database, which could lead to data exposure or site compromise."}}}}, "created": "2026-04-07T09:36:20.299811+00:00", "updated": "2026-04-08T19:50:01.409922+00:00", "vendors": ["sql_chart_builder", "sql_chart_builder$PRODUCT$sql_chart_builder", "wordpress", "wordpress$PRODUCT$wordpress"]}