CVE Catalog

CVE-2016-20073

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile - higher than 18% of all known CVEs

Summary

The Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.

Risk Assessment

This vulnerability poses a serious risk to data security within the organization, allowing attackers to access confidential information from the database. It may lead to data loss, privacy breaches, and potential attacks on other systems.

Recommendation

It is recommended to immediately update the Answer My Question plugin to the latest version to mitigate this vulnerability. Additionally, conducting a security audit of the database is advisable to detect and minimize potential threats.

Original NVD description (English source)

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS