vulnerability

WordPress Plugin: participants-database: CVE-2020-8596: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:S/C:P/I:P/A:P)	Feb 10, 2020	May 15, 2025	Jun 24, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:P)

Published

Feb 10, 2020

Added

May 15, 2025

Modified

Jun 24, 2025

Description

participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).

Solution

participants-database-plugin-cve-2020-8596

References

URL-https://www.cve.org/CVERecord?id=CVE-2020-8596
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/4ede9023-732d-43e4-9c19-7cf704c95c29?source=api-prod
CVE-2020-8596
https://attackerkb.com/topics/CVE-2020-8596
CWE-89

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today