CVE-2016-20062
HighCVSS 8.2Summary
The Simply Poll plugin version 1.4.1 for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' action and malicious 'pollid' values to execute arbitrary SQL queries and read sensitive data from the WordPress database.
Risk Assessment
This vulnerability poses a serious risk to data security within the organization, allowing attackers to access sensitive information stored in the database. This could lead to a loss of data confidentiality and a breach of user privacy.
Recommendation
It is recommended to immediately update the Simply Poll plugin to the latest version to mitigate this vulnerability. Additionally, conducting a security audit of the database to detect any unauthorized activities is advisable.
Original NVD description (English source)
Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' action and malicious 'pollid' values to execute arbitrary SQL queries and read sensitive data from the WordPress database.

