CVE-2017-20245

HIGH

Wow Viral Signups 2.1 WordPress Plugin SQL Injection

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20245. PoCs published by TAD GROUP.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in the Wow Viral Signups WordPress plugin (v2.1) via the 'idsignup' POST parameter. It includes a sqlmap command to exploit the boolean-based and time-based blind SQLi, allowing database enumeration.

Description

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payloads in the 'idsignup' parameter to read arbitrary data from the database.

Exploits (1)

exploitdb · WORKING POC
by TAD GROUP · text · webapps · php
https://www.exploit-db.com/exploits/41921

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Wow Viral Signups WordPress Plugin v2.1
Authentication: No auth needed
Prerequisites: WordPress site with vulnerable plugin installed · Access to the admin-ajax.php endpoint
devstral-2 · analyzed Jun 09, 2026

References (5)

Core References
Exploit: ExploitDB-41921
https://www.exploit-db.com/exploits/41921
Product: Official Product Homepage
http://wow-company.com/
Product: Official Product Homepage
https://tad.group
Product: Product Reference
https://wordpress.org/plugins/mwp-viral-signup/
Third Party Advisory: VulnCheck Advisory: Wow Viral Signups 2.1 WordPress Plugin SQL Injection
https://www.vulncheck.com/advisories/wow-viral-signups-wordpress-plugin-sql-injection

Scores

CVSS v3: 8.2
EPSS: 0.0027
EPSS Percentile: 18.4%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1): Wow-Company/Wow Viral Signups 2.1
Published: Jun 09, 2026
Tracked Since: Jun 09, 2026