- Description: The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
- Source: contact@wpscan.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- nvd@nist.gov
- CWE-89
- Hype score: Not currently trending
#WordPress The WP-Advanced-Search plugin for WordPress (versions up to and including 3.3.9) is vulnerable to SQL injection Vulnerability Details Type: Plugin CVSS Score: 7.5 (High) CVE: CVE-2024-9796 Repository link: https://t.co/WVFKv5bW5Z #CyberSecurity
@issam_juniorx
25 Nov 2024
#exploit 1. CVE-2024-9680: UaF in Firefox Animation timeline https://t.co/IRVaEaeWpj 2. CVE-2023-7261: Google Chrome Updater DosDevices LPE https://t.co/OkfCZcZkoU 3. CVE-2024-9796: WP Advanced-Search <=3.3.9 - Unauth SQLI https://t.co/nPT7YuDWuE
@ksg93rd
19 Nov 2024
🚨 New #CyberSecurity Alert! 🚨 Check out the details on the SQL Injection vulnerability CVE-2024-9796 affecting the WP-Advanced-Search #WordPress plugin. Learn how to protect your site now! 🔒 Don’t wait, stay secure! #SQLInjection #bugbountytip #CVE #HackerNews #Infosec https:
@cloudtechhills
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:internet-formation:wp-advanced-search:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3DB91B5-A9DD-4476-9012-0FF3AA9C7D8B",
            "versionEndExcluding": "3.3.9.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]