Media Search Enhanced SQL Injection Risk: Malicious Data Injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.6

Media Search Enhanced SQL Injection Risk: Malicious Data Injection

CVE-2026-23805

Summary

Media Search Enhanced versions 0.9.1 and earlier allow attackers to inject malicious SQL commands, potentially allowing them to access or modify sensitive data. This could lead to unauthorized access or data breaches. Update to version 0.9.2 or later to fix this issue.

Original title

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects...

Original description

nvd CVSS3.1 7.6

Vulnerability type

CWE-89 SQL Injection

https://patchstack.com/database/Wordpress/Plugin/media-search-enhanced/vulnerabi...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026