CVE-2020-11530
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- April 04, 2020
- Published Date
- May 08, 2020
- Last Updated
- August 04, 2024
- Vendor
- n/a
- Product
- n/a
- Description
- A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
CVSS Scores
EPSS Score
- Score
- 92.12% (Percentile: 99.68%) as of 2025-04-29
Exploit Status
- Exploited in the Wild
- Yes (added 2025-04-27 00:00:00 UTC) Source
References
https://idangero.us/
https://github.com/idangerous/Plugins/tree/master/Chop%20Slider%203
http://seclists.org/fulldisclosure/2020/May/26
http://packetstormsecurity.com/files/157607/WordPress-ChopSlider-3-SQL-Injection.html
http://packetstormsecurity.com/files/157655/WordPress-ChopSlider3-3.4-SQL-Injection.html
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-04-27 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-11530.yaml | 2025-04-26 00:00:00 UTC |