CVE-2026-23805

🗓️ 19 Feb 2026 08:26:50Reported by PatchstackType

CVE-2026-23805 affects WordPress Media Search Enhanced plugin up to version 0.9.1 with SQL Injection.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-23805	19 Feb 202608:26	–	attackerkb
CNNVD	WordPress plugin Media Search Enhanced SQL注入漏洞	19 Feb 202600:00	–	cnnvd
Cvelist	CVE-2026-23805 WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability	19 Feb 202608:26	–	cvelist
NVD	CVE-2026-23805	19 Feb 202609:16	–	nvd
Patchstack	WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability	7 Jan 202608:07	–	patchstack
Positive Technologies	PT-2026-20669	19 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-23805	20 Feb 202613:26	–	redhatcve
Vulnrichment	CVE-2026-23805 WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability	19 Feb 202608:26	–	vulnrichment

Vulners

Node

yoren_chang media_search_enhancedRange≤0.9.1wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "media-search-enhanced",
    "product": "Media Search Enhanced",
    "vendor": "Yoren Chang",
    "versions": [
      {
        "changes": [
          {
            "at": "0.9.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "0.9.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/media-search-enhanced/vulnerability/wordpress-media-search-enhanced-plugin-0-9-1-sql-injection-vulnerability

28 Apr 2026 16:14Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.6

EPSS0.00041

SSVC

CWE-89