CVE record
CVE-2026-7472
The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_sql() without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit() and getAccordionAllDataByLimit() functions in ReadMoreData.php. The user-supplied $_GET['orderby'] value is only processed through esc_attr() (an HTML-escaping function) before being passed to these database functions, where esc_sql() is applied but the value is directly concatenated—unquoted—into the ORDER BY fragment of the SQL query before $wpdb->prepare() is called. Because esc_sql() only escapes quote characters and backslashes (which are irrelevant in an unquoted ORDER BY context), an attacker can inject arbitrary SQL expressions such as (SELECT SLEEP(5)) or conditional subqueries to perform time-based blind data extraction. This makes it possible for authenticated attackers with administrator-level access or above (or any role explicitly permitted access to the plugin's admin pages via the yrm-user-roles setting) to extract sensitive data from the database, including administrator credential hashes.
Amazon picks for vulnerability response
Product discovery links are localized to Amazon US when country data is available.
This page may contain affiliate links. We may earn a commission at no extra cost to you. As an Amazon Associate I earn from qualifying purchases.
Hardware security keys
Physical MFA keys for admin accounts, cloud consoles, password managers, and incident response workflows.
Security engineering books
Books on secure design, incident response, threat modeling, cloud security, and practical defense.
Ethernet cable testers
Portable testers for validating office, rack, home lab, and troubleshooting cable runs.
Vulnerability metadata
- Published
- 2026-05-19T20:46:39.547Z
- Modified
- 2026-05-20T08:24:54.890Z
- EPSS
- Not available
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Recommended platforms
Affiliate-supported recommendations for CVE-2026-7472 vulnerability response.
This page may contain affiliate links. We may earn a commission at no extra cost to you. As an Amazon Associate I earn from qualifying purchases.
Security engineering books
Browse practical security, incident response, cloud security, and secure coding books for team learning.
Cloud security platform
Continuously review cloud posture, exposed services, identity risks, and misconfigurations.
Monitoring and incident response
Track uptime, logs, traces, TLS expiry, API latency, and production security signals.