WordPress Plugin Vulnerabilities

Participants Database < 1.9.5.6 - Authenticated Time Based SQL Injection

Description

Authenticated time-based SQL injection via the ascdesc, list_filter_count, and sortBy parameters.

Proof of Concept

Affects Plugins

Plugin icon
participants-database
Fixed in 1.9.5.6

References

CVE
CVE-2020-8596
URL
https://blog.impenetrable.tech/cve-2020-8596

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Teacish
Verified
No
WPVDB ID
ca4f3058-44bc-4ab8-9fbd-96d8be6be4ff

Timeline

Publicly Published
2020-02-10 (about 6 years ago)
Added
2020-02-11 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-04-07
Title
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text'
Published
2025-12-01
Title
Visualizer: Tables and Charts Manager for WordPress < 3.11.13 - Authenticated (Contributor+) SQL Injection
Published
2025-05-21
Title
Binary MLM Plan < 5.0 - Unauthenticated SQL Injection
Published
2014-09-19
Title
FB Gorilla - SQL Injection
Published
2022-02-15
Title
Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection