CVE-2016-20073 HIGH

CVE-2016-20073: Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Vendor Mattkaye

Product Answer My Question

Weakness CWE-89 · SQLi

Published June 15, 2026

Last update June 15, 2026

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.

Key dates

Disclosure timeline

June 15, 2026 CVE published

June 15, 2026 Record updated