CVE-2016-20062

HIGH

Simply Poll 1.4.1 Plugin for WordPress SQL Injection

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-20062. PoCs published by TAD GROUP.

AI-analyzed exploit summary This is a technical writeup detailing a SQL injection vulnerability in the Simply Poll WordPress plugin (version <= 1.4.1). It includes a proof of concept using sqlmap to exploit the 'pollid' parameter via boolean-based blind, time-based blind, and UNION-based SQL injection techniques.

Description

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' action and malicious 'pollid' values to execute arbitrary SQL queries and read sensitive data from the WordPress database.

Exploits (1)

exploitdb WRITEUP VERIFIED

by TAD GROUP · textwebappsphp

https://www.exploit-db.com/exploits/40971

View Code ZIP pw:eip

This is a technical writeup detailing a SQL injection vulnerability in the Simply Poll WordPress plugin (version <= 1.4.1). It includes a proof of concept using sqlmap to exploit the 'pollid' parameter via boolean-based blind, time-based blind, and UNION-based SQL injection techniques.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Simply Poll WordPress Plugin <= 1.4.1

No auth needed

Prerequisites: Access to the target WordPress site with the vulnerable plugin installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Jun 09, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-40971

https://www.exploit-db.com/exploits/40971

Product product

Official Product Homepage

https://wordpress.org/plugins/simply-poll/

Product product

Official Product Homepage

https://tad.group

Third Party Advisory third-party-advisory

VulnCheck Advisory: Simply Poll 1.4.1 Plugin for WordPress SQL Injection

https://www.vulncheck.com/advisories/simply-poll-plugin-for-wordpress-sql-injection

Scores

CVSS v3 8.2

EPSS 0.0027

EPSS Percentile 18.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

Ollie Armstrong/Simply Poll 1.4.1

Published Jun 09, 2026

Tracked Since Jun 09, 2026