CVE-2020-20625: SQL Injection
First published: Mon Aug 31 2020(Updated: )
Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sliced Invoices | =3.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the CVE ID associated with this vulnerability in the Sliced Invoices plugin for WordPress?
The CVE ID associated with this vulnerability in the Sliced Invoices plugin for WordPress is CVE-2020-20625.
What is the severity level of CVE-2020-20625 in the Sliced Invoices plugin for WordPress?
The severity level of CVE-2020-20625 in the Sliced Invoices plugin for WordPress is high with a severity value of 7.5.
What is the vulnerability in the Sliced Invoices plugin for WordPress?
The vulnerability in the Sliced Invoices plugin for WordPress allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.
How can this vulnerability be exploited?
This vulnerability can be exploited by unauthenticated attackers to disclose sensitive information and by authenticated attackers to perform SQL injection attacks.
Is there a fix available for CVE-2020-20625 in the Sliced Invoices plugin for WordPress?
Yes, updating the Sliced Invoices plugin to a version later than 3.8.2 will fix CVE-2020-20625.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/slicedinvoices
- canonical/sliced invoices
- version/sliced invoices/3.8.2