CVE-2020-11530

CRITICAL EXPLOITED NUCLEI

Idangero Chop Slider - SQL Injection

Title source: rule

Description

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.

Exploits (2)

exploitdb WORKING POC

by SunCSR · textwebappsphp

https://www.exploit-db.com/exploits/48457

View Code ZIP pw:eip

metasploit WORKING POC

by h00die, SunCSR, Callum Murphy <[email protected]> · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_chopslider_id_sqli.rb

View Code ZIP pw:eip

Nuclei Templates (1)

WordPress Chop Slider 3 - Blind SQL Injection

CRITICALVERIFIEDby theamanrawat

References (5)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/157607/WordPress-ChopSlider-3-SQL-Injection.html

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/157655/WordPress-ChopSlider3-3.4-SQL-Injection.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2020/May/26

[Third Party Advisory] https://github.com/idangerous/Plugins/tree/master/Chop%20Slider%203

[Product] https://idangero.us/

Scores

CVSS v3 9.8

EPSS 0.9313

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2024-04-27

Classification

CWE

CWE-89

Status published

Affected Products (1)

idangero/chop_slider

Timeline

Published May 08, 2020

Tracked Since Feb 18, 2026