CVE Catalog

CVE-2017-20245

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Summary

The Wow Viral Signups plugin version 2.1 for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter.

Risk Assessment

Attackers can send crafted requests to the admin-ajax.php endpoint, potentially leading to the disclosure of sensitive data from the database, posing a threat to the organization's security.

Recommendation

It is recommended to update the Wow Viral Signups plugin to the latest version to mitigate this vulnerability and to monitor server logs for potential attack attempts.

Original NVD description (English source)

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payloads in the 'idsignup' parameter to read arbitrary data from the database.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS