CVE-2026-2279

Name of the Vulnerable Software and Affected Versions myLinksDump plugin for WordPress versions through 1.6

Description The myLinksDump plugin for WordPress is susceptible to SQL Injection through the sort by and sort order parameters. This is due to inadequate input sanitization and insufficient SQL query preparation. An authenticated attacker with administrator-level access or higher can inject additional SQL queries into existing database queries, potentially extracting sensitive information. The vulnerable parameters are sort by and sort order.

Recommendations Update the myLinksDump plugin to a version newer than 1.6.