{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31922", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-10T10:59:45.899Z", "datePublished": "2026-03-13T11:41:54.569Z", "dateUpdated": "2026-04-29T09:51:57.358Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "fox-lms", "product": "Fox LMS", "vendor": "Ays Pro", "versions": [{"changes": [{"at": "1.0.6.4", "status": "unaffected"}], "lessThanOrEqual": "1.0.6.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "w41bu1 | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:36.055Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.<p>This issue affects Fox LMS: from n/a through <= 1.0.6.3.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3."}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "Blind SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:57.358Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/fox-lms/vulnerability/wordpress-fox-lms-plugin-1-0-6-3-sql-injection-vulnerability?_s_id=cve"}], "title": "WordPress Fox LMS plugin <= 1.0.6.3 - SQL Injection vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T19:26:45.429183Z", "id": "CVE-2026-31922", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T19:26:59.728Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-31922", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T19:26:45.429183Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T19:26:56.117Z"}}], "cna": {"title": "WordPress Fox LMS plugin <= 1.0.6.3 - SQL Injection vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "w41bu1 | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "Blind SQL Injection"}]}], "affected": [{"vendor": "Ays Pro", "product": "Fox LMS", "versions": [{"status": "affected", "changes": [{"at": "1.0.6.4", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.0.6.3"}], "packageName": "fox-lms", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:04:36.055Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/fox-lms/vulnerability/wordpress-fox-lms-plugin-1-0-6-3-sql-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.<p>This issue affects Fox LMS: from n/a through <= 1.0.6.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:15:51.756Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31922", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:15:51.756Z", "dateReserved": "2026-03-10T10:59:45.899Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:41:54.569Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3."}, {"lang": "es", "value": "Vulnerabilidad de Neutralizaci\u00f3n Inadecuada de Elementos Especiales utilizados en un Comando SQL ('inyecci\u00f3n SQL') en Ays Pro Fox LMS fox-lms permite Inyecci\u00f3n SQL Ciega. Este problema afecta a Fox LMS: desde n/a hasta &lt;= 1.0.6.3."}], "id": "CVE-2026-31922", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:39.393", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/fox-lms/vulnerability/wordpress-fox-lms-plugin-1-0-6-3-sql-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.0.6.3]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[1.0.6.4,1.0.6.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Fox LMS", "source": "cna", "vendor": "Ays Pro"}, "product": "fox_lms", "vendor": "ays-pro"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T16:10:45.770333+00:00", "value": {"mitigation_remediation": ["Update the Fox LMS plugin to any version newer than 1.0.6.3.", "If an update cannot be applied immediately, temporarily disable the plugin or restrict its use to trusted users.", "Monitor WordPress logs and database activity for abnormal queries or unexpected data changes.", "Consider implementing a web application firewall or input validation rules to block malicious SQL payloads."], "summary": {"action": "Immediate Patch", "impact": "Data Exposure"}, "threat_synthesis": {"affected_systems": "All installations of the Ays Pro Fox LMS (fox-lms) WordPress plugin up to and including version 1.0.6.3 are affected. No later versions are listed as vulnerable. Administrators should verify the plugin version in use.", "description_and_impact": "This vulnerability arises from improper neutralization of special elements in an SQL command within the Fox LMS WordPress plugin, a weakness classified as CWE-89. The flaw allows blind SQL injection, enabling an attacker to read, modify, or delete data in the database without authentication. The impact includes exposure of sensitive learner information, loss of data integrity, and downstream compromise of the WordPress site.", "risk_and_exploitability": "The CVSS score of 8.5 marks this as a high severity issue, while the EPSS score indicates a low exploitation likelihood at less than 1%. It is not part of the CISA KEV catalog. Exploitation would likely occur through unauthenticated HTTP requests to plugin endpoints that accept user input, requiring an attacker to orchestrate blind queries and interpret timing or error responses to extract data."}}}}, "created": "2026-03-16T09:37:39.719231+00:00", "updated": "2026-03-23T09:59:25.967918+00:00", "vendors": ["ays-pro", "ays-pro$PRODUCT$fox_lms", "wordpress", "wordpress$PRODUCT$wordpress"]}