WordPress Plugin Vulnerabilities

SRS Simple Hits Counter 1.0.3 - 1.0.4 - Unauthenticated Blind SQL Injection

Description

Alex Peña from Tenable discovered a blind SQL injection which could allow unauthenticated remote attackers to retrieve data from the DBMS.

Note: The vendor attempted a fix in v1.0.4, which is incomplete.

Proof of Concept

Affects Plugins

Plugin icon
srs-simple-hits-counter
Fixed in 1.1.0

References

CVE
CVE-2020-5766
URL
https://www.tenable.com/security/research/tra-2020-42

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.4 (critical)

Miscellaneous

Original Researcher
Alex Peña (Tenable)
Verified
No
WPVDB ID
691da8ee-42cc-4b01-b0bb-a19d43facb6c

Timeline

Publicly Published
2020-07-10 (about 5 years ago)
Added
2020-07-13 (about 5 years ago)
Last Updated
2021-02-17 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Spreadsheet <= 0.6 - SQL Injection
Published
2025-07-08
Title
Funnel Builder by FunnelKit < 3.11.0 - Authenticated (Administrator+) SQL Injection
Published
2021-01-28
Title
uListing < 1.7 - Unauthenticated SQL Injections
Published
2014-09-23
Title
Contus Video Gallery 2.3.1.0.1 - SQL Injection
Published
2023-10-30
Title
Message ticker < 9.3 - Authenticated (Subscriber+) SQL Injection via Shortcode