Vulnerability Details CVE-2020-24315
Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-24315
-
cpe:2.3:a:wordpress_poll_project:wordpress_poll:-
-
cpe:2.3:a:wordpress_poll_project:wordpress_poll:36.0