ThreatPress

WordPress Vulnerabilities Database

WordPress Participants Database plugin <= 1.9.5.5 - Authenticated Time Based SQL Injection (SQLi) vulnerability

Product
Participants Database
Description
An authenticated time-based SQL injection (SQLi) vulnerability was found by Teacish in the WordPress Participants Database plugin (versions <= 1.9.5.5).
Solution
Update the WordPress Participants Database plugin to the latest available version (at least 1.9.5.6).
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
Plugin changelog
CVE
Name: CVE-2020-8596
Versions
Affected In: <= 1.9.5.5
Fixed In: 1.9.5.6
Disclosure date
2020-02-11
Credits
Teacish
Submitter
ThreatPress