CVE-2016-20072
SQL Injection in BBS e-Franchise WordPress Plugin

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: VulnCheck

Description
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL injection in the uid parameter to extract sensitive data from the WordPress database including user information and taxonomy terms.
Meta Information
Generated: 2026-06-15
AI Q&A: 2026-06-15
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE

Vendor | Product | Version / Range
bbsetheme | bbs_e_franchise | up to 1.1.1 (inclusive)
CWE
CWE ID: CWE-89
Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Executive Summary

The BBS e-Franchise 1.1.1 WordPress plugin contains an SQL injection vulnerability in the 'uid' parameter. This flaw allows unauthenticated attackers to inject malicious SQL code through this parameter when accessing pages or posts that use the plugin's shortcode.

By exploiting this vulnerability, attackers can execute arbitrary SQL queries on the WordPress database, including UNION-based SQL injection attacks, which can extract sensitive data such as user information and taxonomy terms.

Impact Analysis

This vulnerability can have a significant impact as it allows unauthenticated attackers to access and extract sensitive data from your WordPress database.

  • Attackers can retrieve user information, which may include usernames and other personal data.
  • Sensitive taxonomy terms and other database content can be exposed.

Such unauthorized data access can lead to privacy breaches, data leakage, and potential further exploitation of the affected system.

Detection Guidance

This vulnerability can be detected by monitoring HTTP GET requests to pages or posts using the BBS e-Franchise plugin's shortcode, specifically looking for suspicious or crafted requests that include the 'uid' parameter with SQL injection payloads such as UNION SELECT statements.

A practical detection method is to use web server logs or network traffic analysis tools to identify requests containing the 'uid' parameter with unusual SQL syntax.

For example, you can use the following commands to search your web server access logs for suspicious 'uid' parameter usage:

  • grep -i 'uid=.*union' /var/log/apache2/access.log
  • grep -i 'uid=.*select' /var/log/apache2/access.log
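
As an added detection example (not part of the original advisory), the following Python script parses constructed Apache-style access-log lines, decodes the 'uid' query parameter and flags values that contain SQL syntax. Unlike the grep one-liners above, it undoes '+' and percent-encoding before matching, so it also catches payloads the raw-text search would miss. The /franchise/ page, the client addresses and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# SQL syntax that has no business in a numeric identifier parameter.
SQLI_PATTERN = re.compile(
    r"\b(union|select|from|sleep|benchmark)\b|--|/\*|;|'", re.IGNORECASE)

# Combined log format: client ip, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines, not real traffic. The third encodes "U" as %55,
# so `grep -i union` over the raw log would not match it.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Jun/2026:10:01:02 +0000] "GET /franchise/?uid=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Jun/2026:10:01:07 +0000] "GET /franchise/?uid=1+UNION+SELECT+name,slug+FROM+wp_terms-- HTTP/1.1" 200 7331 "-" "curl/8.0"
203.0.113.9 - - [15/Jun/2026:10:01:09 +0000] "GET /franchise/?uid=1%20%55NION%20SELECT%20name,slug%20FROM%20wp_terms-- HTTP/1.1" 200 7331 "-" "curl/8.0"
198.51.100.2 - - [15/Jun/2026:10:02:00 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

def suspicious_uid(raw_target):
    """Return the decoded uid value when it carries SQL syntax, else None."""
    query = urlsplit(raw_target).query
    # parse_qs undoes both '+' and %xx encoding, so we match on what the
    # plugin would actually have spliced into its query.
    for value in parse_qs(query, keep_blank_values=True).get("uid", []):
        if SQLI_PATTERN.search(value):
            return value
    return None

def scan_access_log(text):
    """Return (client ip, status, decoded uid) for each suspicious request."""
    hits = []
    for line in text.splitlines():
        match = LOG_LINE.match(line)
        if not match:
            continue  # not a recognisable request line
        decoded = suspicious_uid(match["target"])
        if decoded is not None:
            # A 200 on an injected uid suggests the query ran; triage those first.
            hits.append((match["ip"], match["status"], decoded))
    return hits

if __name__ == "__main__":
    for ip, status, payload in scan_access_log(SAMPLE_LOG):
        print(f"{ip} status={status} uid={payload!r}")
```

Point the script at a real access log with `scan_access_log(open(path).read())`; the log format regex assumes the Apache/nginx combined format.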

Additionally, you can use tools like curl to manually test the vulnerability by sending crafted requests to pages using the plugin's shortcode, for example:

  • curl "http://targetsite.com/page-with-plugin-shortcode?uid=1+UNION+SELECT+name,slug+FROM+wp_terms--"

Mitigation Strategies

Immediate mitigation steps include disabling or removing the vulnerable BBS e-Franchise 1.1.1 plugin from your WordPress installation, as no official patch or update is documented.

Since the plugin has been removed from WordPress.org and is no longer maintained, it is recommended to uninstall it to prevent exploitation.

Additionally, you should monitor your logs for suspicious activity related to the 'uid' parameter and consider implementing web application firewall (WAF) rules to block SQL injection attempts targeting this parameter.

Finally, ensure your WordPress installation and other plugins are up to date to reduce the risk of other vulnerabilities.

Compliance Impact

The SQL injection vulnerability in the BBS e-Franchise 1.1.1 WordPress plugin allows unauthenticated attackers to extract sensitive data from the WordPress database, including user information and taxonomy terms.

This unauthorized access to sensitive user data could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of personal and sensitive information from unauthorized access or disclosure.

Organizations using this plugin without mitigation may risk violating these standards due to potential data breaches caused by exploitation of this vulnerability.
