CVE-2020-5766

HIGH EXPLOITED IN THE WILD NUCLEI

SRS Simple Hits Counter Plugin <1.0.4 - SQL Injection

Title source: llm

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.

Nuclei Templates (1)

SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection

HIGHby DhiyaneshDk

References (1)

[Exploit, Third Party Advisory] https://www.tenable.com/security/research/tra-2020-42

Scores

CVSS v3 7.5

EPSS 0.3907

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2021-04-12

InTheWild.io 2021-04-12

CWE

CWE-89

Status published

Products (2)

srs_simple_hits_counter_project/srs_simple_hits_counter 1.0.3

srs_simple_hits_counter_project/srs_simple_hits_counter 1.0.4

Published Jul 13, 2020

Tracked Since Feb 18, 2026