Live Exposure Defense: From CVE to Confirmed Exposure in 12 Hours – See more

New CVE Detected

CVE-2026-12512 – Unauthenticated SQL Injection – Quotes llama WordPress Plugin before 3.1.6

Be the first to know when new zero-days emerge:

Summary

CVE-2026-12512 is a high-severity, unauthenticated UNION-based SQL injection vulnerability affecting the Quotes llama WordPress plugin in all versions before 3.1.6. The flaw stems from insufficient sanitization of a user-supplied parameter (sc) processed by publicly accessible AJAX handlers, allowing any unauthenticated remote attacker to read arbitrary data from the underlying WordPress database. With a CVSS v3.1 score of 8.6 (High), successful exploitation can expose password hashes and other sensitive database contents, enabling potential account takeover and full site compromise.

Technical details

  • Root cause: The plugin fails to properly sanitize and escape the sc parameter before incorporating it into a SQL query, violating CWE-89 (Improper Neutralization of Special Elements used in an SQL Command).
  • Trigger conditions: The vulnerable sc parameter is accepted by two unauthenticated AJAX handlers — select_search and select_search_page — which are publicly reachable without any login or authentication context.
  • Attack vector: Remote, unauthenticated network access over HTTP/HTTPS; no credentials or user interaction required. Attack complexity is low.
  • Injection technique: UNION-based SQL injection, enabling an attacker to append arbitrary SQL clauses and retrieve the full contents of the WordPress database, including the wp_users table.
  • Impact: Complete read access to database contents, including WordPress user password hashes. Extracted hashes can be subjected to offline brute-force or dictionary attacks, potentially leading to administrative account takeover and full WordPress site compromise. The CVSS Scope is set to Changed, reflecting that the impact crosses the security boundary of the plugin itself into the broader WordPress database context.

Affected software

  • Quotes llama WordPress Plugin — all versions before 3.1.6

Severity

  • CVSS v3.1 Base Score: 8.6 (High)
  • Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Mitigation and recommended actions

  • Immediate: Update the Quotes llama plugin to version 3.1.6 or later (version 3.1.7 is the current release as of July 2026) via the WordPress Dashboard → Plugins → Update. This version contains the fix that properly sanitizes and escapes the vulnerable sc parameter before SQL query execution.
  • If immediate patching is not possible: Restrict public access to WordPress AJAX endpoints (wp-admin/admin-ajax.php) at the web server or WAF layer to limit exposure while scheduling the update.

IONIX Status

The IONIX research team is tracking ongoing exploitation attempts and recommends immediate patching. Potentially affected assets are outlined in this post.

References

Are you exposed?

Get a free report of your organization’s exposure to this CVE and threat

How IONIX’s External Exposure Management Platform Detects and Validates
Zero-Days to Shrink MTTR

1

Map your entire attack surface (continously)

IONIX uses multi-factor discovery methods, including DNS analysis, certificate mapping, metadata inspection, and more, to automatically map every internet-facing asset across your environment. This includes cloud instances, third-party platforms, shadow IT, and even forgotten infrastructure that traditional tools miss.

2

Monitor for new CVEs

Dozens of threat intel feeds using agentic technology are continuously analyzed to detect the appearance of proof-of-concept code, exploit kits, and indicators of active targeting. IONIX goes further by applying AI to proactively evaluate whether emerging vulnerabilities are likely to be exploited, even before PoCs go public.

3

Identify Potential External Exposures

Not all CVEs matter. IONIX filters vulnerabilities by asking attacker-centric questions: Can it be reached from the internet? Does it require authentication? Is it being exploited in the wild? This dramatically reduces noise and focuses teams on threats that can actually be weaponized.

4

Create Safe, Scalable Exploit Validations

IONIX transforms real-world PoCs into safe, non-intrusive test payloads that can be run in production environments without disruption. These simulations are precisely targeted to the systems that are vulnerable, ensuring rapid validation without unnecessary load.

5

Execute Exploit Validations

By combining context about software stack, versioning, exposure status, and reachability, IONIX ensures that only the right payloads are executed against the right assets, maximizing efficiency and minimizing risk.

6

Drive Fast and Actionable Remediation

Results are routed through integrations with ticketing, SOAR, and SIEM tools. Issues are written in plain language, bundled into remediation clusters, and prioritized based on asset criticality, exploitability, and blast radius. This shortens mean time to remediation (MTTR) and empowers teams to act with confidence.

Are you exposed?

Get a free report of your organization’s exposure to this CVE and threat

Subscribe to Threat Center RSS

Copy/paste the link below into your preferred RSS reader or follow these instructions to subscribe to Slack alerts.

Get Real-Time CVE Alerts to Your Email

Be the first to know when new zero-days emerge