CVE-2020-8596: 
WordPress vulnerability analysis and mitigation

The vulnerability identified as CVE-2020-8596 affects the Participants Database WordPress plugin version 1.9.5.5 and earlier versions. The vulnerability was discovered in participants-database.php and was disclosed on February 11, 2020. This security flaw is characterized as a time-based SQL injection vulnerability that can be exploited through the manipulation of specific parameters including ascdesc, list_filter_count, or sortBy (NVD, CVE).

The vulnerability is classified as CWE-89 (SQL Injection) with a CVSS v3.1 base score of 7.5 (High). The attack vector is characterized by CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that it is network-accessible, requires high attack complexity, needs low privileges, and no user interaction, with potential for high impacts on confidentiality, integrity, and availability (NVD).

The vulnerability allows attackers to potentially exfiltrate data from the database and, under certain conditions, could lead to code execution on the affected system. The high CVSS score indicates significant potential impact on system security, affecting confidentiality, integrity, and availability of the system (NVD).

Users should upgrade their Participants Database WordPress plugin to a version newer than 1.9.5.5 to address this vulnerability (NVD).