DATABASE RESOURCES PRICING ABOUT US

{"id": "WORDPRESS_PLUGIN_SRS_SIMPLE_HITS_INFO_DISCLOSURE.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "WordPress Plugin 'SRS Simple Hits Counter' Information Disclosure", "description": "The WordPress application running on the remote host has a version of the 'SRS Simple Hits Counter' plugin that is affected by an information disclosure vulnerability due to improper validation of user supplied input data. An unauthenticated, remote attacker can exploit this issue via specially crafted requests to disclose potentially sensitive information.", "published": "2020-08-27T00:00:00", "modified": "2020-12-01T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/139872", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://wordpress.org/plugins/srs-simple-hits-counter", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5766"], "cvelist": ["CVE-2020-5766"], "immutableFields": [], "lastseen": "2021-08-19T12:13:16", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2020-1198"]}, {"type": "cve", "idList": ["CVE-2020-5766"]}, {"type": "dsquare", "idList": ["E-713"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_112525", "WORDPRESS_PLUGIN_SRS_SIMPLE_HITS_COUNTER_SQLI.NBIN"]}, {"type": "wpexploit", "idList": ["WPEX-ID:691DA8EE-42CC-4B01-B0BB-A19D43FACB6C"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:691DA8EE-42CC-4B01-B0BB-A19D43FACB6C"]}], "rev": 4}, "score": {"value": 5.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2020-1198"]}, {"type": "cve", "idList": ["CVE-2020-5766"]}, {"type": "dsquare", "idList": ["E-713"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_112525", "WORDPRESS_PLUGIN_SRS_SIMPLE_HITS_COUNTER_SQLI.NBIN"]}, {"type": "wpexploit", "idList": ["WPEX-ID:691DA8EE-42CC-4B01-B0BB-A19D43FACB6C"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:691DA8EE-42CC-4B01-B0BB-A19D43FACB6C"]}]}, "exploitation": null, "vulnersScore": 5.3}, "pluginID": "139872", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139872);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/01\");\n\n script_cve_id(\"CVE-2020-5766\");\n\n script_name(english:\"WordPress Plugin 'SRS Simple Hits Counter' Information Disclosure\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote WordPress application has a plugin installed that is vulnerable to an information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The WordPress application running on the remote host has a version of the 'SRS Simple Hits Counter' plugin that is\naffected by an information disclosure vulnerability due to improper validation of user supplied input data. An\nunauthenticated, remote attacker can exploit this issue via specially crafted requests to disclose potentially sensitive\ninformation.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/plugins/srs-simple-hits-counter\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the 'SRS Simple Hits Counter' plugin to version 1.1.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"WordPress SRS Simple Hits Counter SQL Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_plugin_detect.nbin\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\napp_info = vcf::wordpress::plugin::get_app_info(plugin:'srs-simple-hits-counter');\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { 'fixed_version' : '1.1.0' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "naslFamily": "CGI abuses", "cpe": ["cpe:/a:wordpress:wordpress"], "solution": "Update the 'SRS Simple Hits Counter' plugin to version 1.1.0 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2020-5766", "vpr": {"risk factor": "Medium", "score": "5.1"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2020-07-10T00:00:00", "vulnerabilityPublicationDate": "2020-07-10T00:00:00", "exploitableWith": ["Elliot(WordPress SRS Simple Hits Counter SQL Injection)"], "_state": {"dependencies": 1645918312}}

{"nessus": [{"lastseen": "2022-02-19T12:24:56", "description": "The WordPress SRS Simple Hits Counter Plugin installed on the remote host is affected by a SQL injection vulnerability.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-07-23T00:00:00", "type": "nessus", "title": "SRS Simple Hits Counter Plugin for WordPress SQL Injection", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-5766"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:srs_simple_hits_counter_project:srs_simple_hits_counter:*:*:*:*:*:wordpress:*:*"], "id": "WEB_APPLICATION_SCANNING_112525", "href": "https://www.tenable.com/plugins/was/112525", "sourceData": "No source data", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-25T23:18:30", "description": "The WordPress application running on the remote host has a version of the 'SRS Simple Hits Counter' plugin that is affected by an information disclosure vulnerability due to improper validation of user supplied input data. An unauthenticated, remote attacker can exploit this issue via specially crafted requests to disclose potentially sensitive information.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2021-06-28T00:00:00", "type": "nessus", "title": "WordPress Plugin 'SRS Simple Hits Counter' Information Disclosure (direct check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-5766"], "modified": "2022-04-25T00:00:00", "cpe": ["cpe:/a:wpsymposium:wp_symposium", "cpe:/a:wordpress:wordpress"], "id": "WORDPRESS_PLUGIN_SRS_SIMPLE_HITS_COUNTER_SQLI.NBIN", "href": "https://www.tenable.com/plugins/nessus/151025", "sourceData": "Binary data wordpress_plugin_srs_simple_hits_counter_sqli.nbin", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "wpexploit": [{"lastseen": "2021-02-15T22:29:17", "description": "Alex Pe\u00f1a from Tenable discovered a blind SQL injection which could allow unauthenticated remote attackers to retrieve data from the DBMS. Note: The vendor attempted a fix in v1.0.4, which is incomplete.\n", "cvss3": {}, "published": "2020-07-10T00:00:00", "type": "wpexploit", "title": "SRS Simple Hits Counter <= 1.0.4 - Unauthenticated Blind SQL Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-5766"], "modified": "2020-07-16T05:00:33", "id": "WPEX-ID:691DA8EE-42CC-4B01-B0BB-A19D43FACB6C", "href": "", "sourceData": "The PoC will be displayed once the issue has been remediated", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "dsquare": [{"lastseen": "2021-07-28T14:33:45", "description": "SQL Injection vulnerability in SRS Simple Hits Counter post_id parameter\n\nVulnerability Type: SQL Injection", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-09-02T00:00:00", "type": "dsquare", "title": "WordPress SRS Simple Hits Counter SQL Injection", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5766"], "modified": "2020-09-02T00:00:00", "id": "E-713", "href": "", "sourceData": "For the exploit source code contact DSquare Security sales team.", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "wpvulndb": [{"lastseen": "2021-02-15T22:29:17", "description": "Alex Pe\u00f1a from Tenable discovered a blind SQL injection which could allow unauthenticated remote attackers to retrieve data from the DBMS. Note: The vendor attempted a fix in v1.0.4, which is incomplete.\n\n### PoC\n\nThe PoC will be displayed once the issue has been remediated\n", "cvss3": {}, "published": "2020-07-10T00:00:00", "type": "wpvulndb", "title": "SRS Simple Hits Counter <= 1.0.4 - Unauthenticated Blind SQL Injection", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-5766"], "modified": "2020-07-16T05:00:33", "id": "WPVDB-ID:691DA8EE-42CC-4B01-B0BB-A19D43FACB6C", "href": "https://wpscan.com/vulnerability/691da8ee-42cc-4b01-b0bb-a19d43facb6c", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T18:42:47", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-13T15:15:00", "type": "cve", "title": "CVE-2020-5766", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5766"], "modified": "2020-07-20T18:22:00", "cpe": ["cpe:/a:srs_simple_hits_counter_project:srs_simple_hits_counter:1.0.4", "cpe:/a:srs_simple_hits_counter_project:srs_simple_hits_counter:1.0.3"], "id": "CVE-2020-5766", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5766", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:srs_simple_hits_counter_project:srs_simple_hits_counter:1.0.3:*:*:*:*:wordpress:*:*", "cpe:2.3:a:srs_simple_hits_counter_project:srs_simple_hits_counter:1.0.4:*:*:*:*:wordpress:*:*"]}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:36:44", "description": "SQL Injection Over HTTP Traffic.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-18T00:00:00", "type": "checkpoint_advisories", "title": "SQL Injection Over HTTP Traffic (CVE-2020-11530; CVE-2020-17463; CVE-2020-17506; CVE-2020-25990; CVE-2020-27481; CVE-2020-5766; CVE-2020-8655; CVE-2020-8656; CVE-2020-9465)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11530", "CVE-2020-17463", "CVE-2020-17506", "CVE-2020-25990", "CVE-2020-27481", "CVE-2020-5766", "CVE-2020-8655", "CVE-2020-8656", "CVE-2020-9465"], "modified": "2020-12-03T00:00:00", "id": "CPAI-2020-1198", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}