First published: Mon Jul 13 2020(Updated: )
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.
Credit: vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
Srs Simple Hits Counter Project Srs Simple Hits Counter | =1.0.3 | |
Srs Simple Hits Counter Project Srs Simple Hits Counter | =1.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-5766 is a vulnerability that allows a remote, unauthenticated attacker to determine the value of database fields through SQL Injection in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4.
CVE-2020-5766 has a severity rating of 7.5 (high).
CVE-2020-5766 affects SRS Simple Hits Counter Plugin for WordPress versions 1.0.3 and 1.0.4.
CVE-2020-5766 allows an attacker to determine the value of database fields, posing a risk to the confidentiality of sensitive information.
At the time of this writing, there is no known fix available for CVE-2020-5766. It is recommended to follow the mitigations provided by the vendor.