2 matches found
CVE-2020-8596
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, listfiltercount, or sortBy parameters. It is possible to exfiltrate data and potentially execute code if certain conditions are m...
CVE-2020-8596
CVE-2020-8596 affects the WordPress plugin Participants Database (versions ≤ 1.9.5.5). The vulnerability is a time-based SQL injection in the plugin’s parameters ascdesc, list_filter_count, and sortBy, which can enable data exfiltration and, under certain conditions, remote code execution. Exploi...