What is CVE-2020-13640?

CVE-2020-13640 is a vulnerability in N/a. Published 2020-06-18.

Is CVE-2020-13640 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-13640

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.)

EPSS: 0.739 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

wordpress.org/plugins/wpdiscuz/ (x_refsource_MISC)
wpdiscuz.com/community/news/security-vulnerability-issue-in-5-3-5-please-udate/ (x_refsource_MISC)
plugins.trac.wordpress.org/changeset/2323200 (x_refsource_MISC)
plugins.trac.wordpress.org/browser/wpdiscuz/tags/5.3.6 (x_refsource_MISC)
[oss-security] 20200706 CVE-2020-13640: WordPress Plugin wpDiscuz <= 5.3.5 SQL injection (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2020-13640?: CVE-2020-13640 is a vulnerability in N/a. Published 2020-06-18.
Is CVE-2020-13640 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.