CVE-2020-13640
published 2020-06-18


Priority: P182
Severity: critical, 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW, Exploit, VulnCheck KEV
Exploited in the wild
EPSS: 12.71% (95.8th percentile)
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.)

Affected

1 range

Vendor    Product   Version range   Fixed in
gvectors  wpdiscuz  <= 5.3.5

Detection & IOCs (extracted from sources)

other: order=96) THEN 1 ELSE 1*(SELECT table_name FROM information_schema.tables) END)=1 ASC #
sigma: matchers: type: word, part: body, words: '"comment_list":null'
  • Monitor HTTP requests to WordPress wpdLoadMoreComments AJAX action for SQL injection payloads in the 'order' parameter, specifically containing subqueries referencing information_schema.tables.
  • A successful blind SQL injection probe returns a JSON response body containing '"comment_list":null', which can be used as a detection signal in WAF or IDS rules.
  • The exploit payload uses a boolean-based blind SQLi pattern with THEN/ELSE and a subselect from information_schema.tables injected into the 'order' POST parameter of the wpdLoadMoreComments request.
  • Only wpDiscuz plugin versions 5.3.5 and earlier are affected; version 7.x is explicitly NOT vulnerable.

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd        v2.0     7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck           9.8    CRITICAL