WordPress Gravity Bookings Plugin Vulnerable to SQL Injection (CVE-2026-1719)
The National Vulnerability Database has identified a critical SQL injection vulnerability (CVE-2026-1719) in all versions of the Gravity Bookings Premium WordPress plugin up to and including 2.5.9. This flaw stems from insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries. Attackers can leverage this to append malicious SQL commands, potentially extracting sensitive database information without authentication.
This vulnerability poses a significant risk to WordPress sites utilizing this plugin. The lack of proper input validation allows unauthenticated attackers a direct path to exfiltrate data. Given the HIGH CVSS score of 7.5, immediate attention is warranted for any administrator managing sites with this plugin.
What This Means For You
- If your organization uses the Gravity Bookings Premium plugin for WordPress, you must update to a patched version immediately. Audit your database logs for any unusual activity that may indicate prior exploitation, and consider reviewing user permissions within your WordPress installation.
Related ATT&CK Techniques
🛡️ Detection Rules
7 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
Web Application Exploitation Attempt — CVE-2026-1719
```yaml
title: Web Application Exploitation Attempt — CVE-2026-1719
id: scw-2026-05-06-1
status: experimental
level: high
description: |
  Detects common exploitation patterns targeting web applications. Review CVE-2026-1719 advisories for specific indicators.
author: SCW Feed Engine (auto-generated)
date: 2026-05-06
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-1719/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri-query|contains:
      - '..'
      - 'SELECT'
      - 'UNION'
      - '<script'
      - 'cmd='
      - '/etc/passwd'
  condition: selection
falsepositives:
  - Legitimate activity from CVE-2026-1719
```
Source: Shimi's Cyber World · License & reuse
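The rule's selection is a plain substring match, so it helps to see what it does on actual query strings before deploying it. The following is an added example, not part of the original page or the SCW rule set: it applies the same `contains` list to constructed query strings and compares the result with a stricter whole-word `UNION ... SELECT` check on the URL-decoded query. The stricter check, the function names and the sample strings are assumptions of this example.

```python
import re
from urllib.parse import unquote_plus

# Patterns copied from the rule's `cs-uri-query|contains` list.
RULE_PATTERNS = ["..", "SELECT", "UNION", "<script", "cmd=", "/etc/passwd"]

# Stricter SQL check (an assumption of this example, not part of the rule):
# UNION [ALL] SELECT as whole words, evaluated on the decoded query.
UNION_SELECT = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.IGNORECASE)


def rule_hits(query):
    """Sigma `contains` semantics: case-insensitive substring, OR over the list."""
    lowered = query.lower()
    return [p for p in RULE_PATTERNS if p.lower() in lowered]


def triage(query):
    """Compare the rule's verdict with the stricter check for one query string."""
    decoded = unquote_plus(query)  # web logs normally hold the encoded query
    return {
        "raw_hits": rule_hits(query),
        "decoded_hits": rule_hits(decoded),
        "union_select": bool(UNION_SELECT.search(decoded)),
    }


# Constructed sample query strings (not from real traffic or the advisory).
SAMPLES = {
    "benign_words": "event=reunion&status=selected",
    "benign_version": "ver=1.2..3",
    "sqli_plus": "id=1+UNION+SELECT+1,2,3",
    "sqli_pct": "id=1%20UNION%20ALL%20SELECT%201,2,3",
}

if __name__ == "__main__":
    for name, qs in SAMPLES.items():
        print(f"{name:15} {triage(qs)}")
```

The two benign samples fire the rule on ordinary words and version strings, while only the two injection-shaped samples pass the whole-word check, which gives a starting point for tuning the alert volume.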
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-1719 | Vulnerability | CVE-2026-1719 |
| CVE-2026-1719 | Affected Product | all |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 06, 2026 at 13:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.