CVE Catalog

CVE-2016-20062

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Summary

The Simply Poll plugin version 1.4.1 for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' action and malicious 'pollid' values to execute arbitrary SQL queries and read sensitive data from the WordPress database.

Risk Assessment

This vulnerability poses a serious risk to data security within the organization, allowing attackers to access sensitive information stored in the database. This could lead to a loss of data confidentiality and a breach of user privacy.

Recommendation

It is recommended to immediately update the Simply Poll plugin to the latest version to mitigate this vulnerability. Additionally, conducting a security audit of the database to detect any unauthorized activities is advisable.

Original NVD description (English source)

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' action and malicious 'pollid' values to execute arbitrary SQL queries and read sensitive data from the WordPress database.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS