CVE-2016-20072 in BBS e-Franchiseinfo

Summary

by MITRE • 06/15/2026

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL injection in the uid parameter to extract sensitive data from the WordPress database including user information and taxonomy terms.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulnCheck

Reservation

06/15/2026

Disclosure

06/15/2026

Moderation

accepted

Entry

VDB-370912

CPE

ready

CWE

CWE-89 (confirmed)

Exploit

Download

CVSS

8.2 (CNA)

EPSS

0.00000

KEV

Activities

low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-20072
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-20072
CVE Details	https://www.cvedetails.com/cve/CVE-2016-20072/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!