CVE-2020-10817: 
WordPress vulnerability analysis and mitigation

The CVE-2020-10817 vulnerability affects the Custom Searchable Data Entry System plugin through version 1.7.1 for WordPress. This SQL Injection vulnerability was disclosed on March 27, 2020. The plugin, which has since been discontinued, allowed potential SQL injection attacks that could compromise the security of WordPress installations using this plugin (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates a network-exploitable vulnerability with low attack complexity, requiring low privileges, and no user interaction. The vulnerability is classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (NVD).

The vulnerability could potentially allow attackers to execute SQL injection attacks, which could lead to unauthorized access to the database, data theft, modification of database contents, and potential compromise of the WordPress installation's integrity. The high CVSS score indicates severe potential impacts on confidentiality, integrity, and availability of the system (NVD).

Since the plugin has been discontinued, the primary mitigation strategy is to completely remove the Custom Searchable Data Entry System plugin from WordPress installations. Users should switch to alternative solutions for their data entry system needs (WordPress Plugin).