CVE-2026-45213
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection. This issue affects BEAR: from n/a through <= 1.1.7.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Blind SQL injection in RealMag777 BEAR plugin (woo-bulk-editor) up to 1.1.7.1 allows database interaction and data theft; update to 1.1.8.
The BEAR WordPress plugin (woo-bulk-editor) contains a blind SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This flaw is present in versions through 1.1.7.1 [1].
Attackers can exploit this vulnerability by sending crafted HTTP requests to the plugin's endpoints, potentially without requiring authentication. The blind nature of the injection means an attacker can extract data through boolean or time-based queries, making it suitable for automated mass-exploit campaigns [1].
The impact is significant: a successful attacker can directly interact with the underlying database, leading to theft of sensitive information such as user credentials, personal data, or configuration details [1].
As a mitigation, users should update to version 1.1.8 or later, where the issue is fixed. Patchstack users can enable auto-updates for vulnerable plugins [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.1.7.1
- Range: <=1.1.7.1
Patches
No patches discovered yet.
References
News mentions
- Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026), Wordfence Blog · May 14, 2026
- Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026), Wordfence Blog · Apr 16, 2026