CVE-2016-20073
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk18th percentile - higher than 18% of all known CVEs
Summary
The Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.
Risk Assessment
This vulnerability poses a serious risk to data security within the organization, allowing attackers to access confidential information from the database. It may lead to data loss, privacy breaches, and potential attacks on other systems.
Recommendation
It is recommended to immediately update the Answer My Question plugin to the latest version to mitigate this vulnerability. Additionally, conducting a security audit of the database is advisable to detect and minimize potential threats.
Original NVD description (English source)
Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.

