Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.2
WordPress myLinksDump Plugin Exposes Sensitive Data to Attackers
CVE-2026-2279
Summary
The myLinksDump WordPress plugin, used to manage links, is vulnerable to a security weakness that could allow attackers with administrator access to access sensitive information. This means that if an attacker has elevated access, they can potentially get access to confidential data. To protect your site, update the plugin to a newer version or remove it if it's no longer needed.
Original title
The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort_by' and 'sort_order' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user ...
Original description
The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort_by' and 'sort_order' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
nvd CVSS3.1
7.2
Vulnerability type
CWE-89
SQL Injection
- https://plugins.trac.wordpress.org/browser/mylinksdump/tags/1.6/myLinksDump.php#...
- https://plugins.trac.wordpress.org/browser/mylinksdump/tags/1.6/myLinksDump.php#...
- https://plugins.trac.wordpress.org/browser/mylinksdump/trunk/myLinksDump.php#L41...
- https://plugins.trac.wordpress.org/browser/mylinksdump/trunk/myLinksDump.php#L42...
- https://www.wordfence.com/threat-intel/vulnerabilities/id/02b03c4a-1b2a-4fd0-887...
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026