CVE-2017-20245
8.2 HIGHWow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database ...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 8.2 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- CWE
- CWE-89
Description
Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payloads in the 'idsignup' parameter to read arbitrary data from the database.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2017-20245
- [Other]http://wow-company.com/
- [Other]https://tad.group
- [Other]https://wordpress.org/plugins/mwp-viral-signup/
- [Other]https://www.exploit-db.com/exploits/41921
- [Other]https://www.vulncheck.com/advisories/wow-viral-signups-wordpress-plugin-sql-injection
Related CVEs
Same CWE
- CVE-2026-53474 — A flaw was found in migration-planner (9.6 CRITICAL)
- CVE-2026-52758 — Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL qu... (8.8 HIGH)
- CVE-2026-49498 — Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to e... (8.8 HIGH)
- CVE-2026-3018 — The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up t... (7.5 HIGH)
- CVE-2026-3326 — The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX ... (8.6 HIGH)