WordPress SendGrid for WordPress plugin <= 1.4 - SQL Injection vulnerability
No known patch is available for this vulnerability.
The affected plugin has been removed from the WordPress.org directory (reason: Security Issue), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
Description
SQL Injection vulnerability in SendGrid for WordPress plugin (versions through 1.4) allows attackers to execute arbitrary SQL commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL Injection vulnerability in SendGrid for WordPress plugin (versions through 1.4) allows attackers to execute arbitrary SQL commands.
Vulnerability
The SendGrid for WordPress plugin (slug: wp-sendgrid-mailer) versions through 1.4 contains an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. The vulnerability exists in the plugin's handling of user-supplied input that is directly used in SQL queries without proper sanitization or parameterization. Affected versions: all versions up to and including 1.4.
Exploitation
An attacker can exploit this vulnerability by sending crafted input to the plugin's functionality that interacts with the database. No authentication is required if the vulnerable endpoint is publicly accessible, but the exact attack vector is not detailed in available references. The attacker would need to identify the specific parameter(s) that are not sanitized and inject malicious SQL statements.
Impact
Successful exploitation allows an attacker to execute arbitrary SQL commands against the WordPress database. This can lead to unauthorized access to sensitive data (e.g., user credentials, posts, options), modification or deletion of database content, and potentially further compromise of the WordPress installation.
Mitigation
No patched version is available. The plugin has been closed and removed from the WordPress.org plugin directory as of October 16, 2024, due to a security issue [1]. Users are advised to uninstall the plugin immediately and seek alternative solutions. No workaround is provided.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <=1.4
- Smackcoders/SendGrid for WordPressv5Range: n/a
Patches
0wp-sendgrid-mailerThis plugin has been removed from the WordPress.org directory on 2024-10-16 (reason: Security Issue). No patched version is being distributed through the official directory. Users who have it installed should uninstall it.
Source: api.wordpress.org · directory page
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.