CVE-2026-27428
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eagle-Themes Eagle Booking eagle-booking allows SQL Injection. This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection vulnerability in Eagle Booking WordPress plugin (<=1.3.4.3) allows unauthenticated attackers to execute arbitrary SQL commands, leading to data theft.
Vulnerability Overview
The Eagle Booking plugin for WordPress versions 1.3.4.3 and earlier contains a SQL injection vulnerability due to improper neutralization of special elements used in SQL commands [1]. This allows an attacker to inject arbitrary SQL queries into the database.
Exploitation
Attackers can exploit this vulnerability remotely, potentially without requiring authentication, by sending crafted requests to the plugin's input fields [1]. The vulnerability is expected to be used in mass-exploit campaigns targeting thousands of websites simultaneously [1].
Impact
Successful exploitation enables direct interaction with the database, allowing attackers to steal sensitive information such as user credentials, personal data, and other stored content [1]. The CVSS score of 8.5 reflects the high severity and potential for data compromise.
Mitigation
Users are strongly advised to update the plugin to the latest available version as soon as possible. If updating is not possible, contact your hosting provider or web developer for assistance [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.3.4.3
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.