HIGH
bbsetheme
CVE published 2026-06-15
CVE-2016-20072
The BBS e-Franchise 1.1.1 plugin for WordPress is vulnerable to SQL injection. This vulnerability, tracked as CVE-2016-20072, allows unauthenticated attackers to execute arbitrary SQL queries by injecting SQL through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL injection in the uid parameter to extract sensitive data from t [truncated]