CVE-2025-26590: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability has been identified in Nir Complete Google Seo Scan WordPress plugin versions through 3.5.1. The vulnerability was discovered by Nguyen Quang Minh from VCI - VNPT Cyber Immunity and was disclosed on June 5, 2025. This security flaw allows authenticated administrators to perform SQL injection attacks against the affected WordPress installations (Patchstack).

The vulnerability has been assigned CVE-2025-26590 and received a CVSS v3.1 base score of 7.6 (High). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring high privileges (PR:H), and no user interaction (UI:N). The scope is changed (S:C), with high impact on confidentiality (C:H), no impact on integrity (I:N), and low impact on availability (A:L) (NVD).

The SQL Injection vulnerability could allow a malicious actor with administrator privileges to directly interact with the database, potentially leading to unauthorized access to sensitive information stored in the WordPress database (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. Given the low severity impact and unlikely exploitation scenario, immediate mitigation may not be necessary for most installations (Patchstack).