CVE-2020-11530

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
idangerochop_slider
3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/157607/WordPress-ChopSlider-3-SQL-Injection.html
http://packetstormsecurity.com/files/157655/WordPress-ChopSlider3-3.4-SQL-Injection.html
http://seclists.org/fulldisclosure/2020/May/26
https://github.com/idangerous/Plugins/tree/master/Chop%20Slider%203
https://idangero.us/
http://packetstormsecurity.com/files/157607/WordPress-ChopSlider-3-SQL-Injection.html
http://packetstormsecurity.com/files/157655/WordPress-ChopSlider3-3.4-SQL-Injection.html
http://seclists.org/fulldisclosure/2020/May/26
https://github.com/idangerous/Plugins/tree/master/Chop%20Slider%203
https://idangero.us/