CVE-2020-5766

HIGH EXPLOITED IN THE WILD NUCLEI

SRS Simple Hits Counter Plugin <1.0.4 - SQL Injection

Title source: llm

Exploitation Summary

CVE-2020-5766 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). A Nuclei detection template is also available.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.

Nuclei Templates (1)

SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection
HIGH by DhiyaneshDk

References (1)

Core References
Exploit, Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/research/tra-2020-42

Scores

CVSS v3 7.5
EPSS 0.0610
EPSS Percentile 92.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2021-04-12
InTheWild.io 2021-04-12
CWE CWE-89
Status published
Products (2)
srs_simple_hits_counter_project/srs_simple_hits_counter 1.0.3
srs_simple_hits_counter_project/srs_simple_hits_counter 1.0.4
Published Jul 13, 2020
Tracked Since Feb 18, 2026