[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flIOAhnlAy2WkN57va_M_d4Bfpzcaidzs1I3SSUUXpjU":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2020-13640","comments-wpdiscuz-blind-sql-injection-via-order-parameter","Comments - wpDiscuz \u003C= 5.3.5 - Blind SQL Injection via order Parameter","A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.)","wpdiscuz",null,"\u003C5.3.6","5.3.6","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2020-06-12 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F79b0a90b-5b75-4757-bd7b-909350f54175?source=api-prod",1320]