wpDiscuz < 5.3.6 – Unauthenticated SQL Injection | CVE 2020-13640

Affects Plugins

wpdiscuz

Fixed in 5.3.6

References

CVE

CVE-2020-13640

URL

https://wpdiscuz.com/community/news/security-vulnerability-issue-in-5-3-5-please-udate/

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

9.4 (critical)

Miscellaneous

Verified

No

WPVDB ID

f0efd55e-0fbd-4db4-8e5c-9707a92aa2a5

Timeline

Publicly Published

2020-06-12 (about 5 years ago)

Added

2020-06-18 (about 5 years ago)

Last Updated

2020-06-19 (about 5 years ago)

Other

Published

Title

Published

2014-08-01

Title

Facebook Survey Pro - timeline/index.php id Parameter SQL Injection

Published

2014-08-01

Title

GRAND Flash Album Gallery 0.55 - lib/hitcounter.php pid Parameter SQL Injection

Published

2015-02-09

Title

Users Ultra <= 1.4.35 - SQL Injection

Published

2023-11-29

Title

MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection

Published

2014-08-01

Title

BuddyPress 1.2.9 - SQL Injection