Vulners
Lucene search
CVE-2024-3495
🗓️ 22 May 2024 08:31:21Reported by WordfenceType 
cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 118 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2024-3495 | 23 May 202402:43 | – | circl |
 | CVE-2024-3495 Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection | 22 May 202408:31 | – | cvelist |
 | Exploit for CVE-2024-3495 | 23 May 202402:41 | – | githubexploit |
 | Wordpress Country State City Dropdown <=2.7.2 - SQL Injection | 3 Jun 202606:04 | – | nuclei |
 | CVE-2024-3495 | 22 May 202409:15 | – | nvd |
 | WordPress Country State City Dropdown CF7 plugin <= 2.7.2 - Unauthenticated SQL Injection vulnerability | 22 May 202401:23 | – | patchstack |
| WordPress Country State City Dropdown CF7 Plugin <= 2.7.2 is vulnerable to SQL Injection | 22 May 202400:00 | – | patchstack |
 | PT-2024-26266 | 22 May 202400:00 | – | ptsecurity |
 | CVE-2024-3495 | 5 Feb 202510:10 | – | redhatcve |
 | VulnCheck KEV: CVE-2024-3495 | 25 Feb 202600:00 | – | vulncheck_kev |
10
Node
[
{
"vendor": "trustyplugins",
"product": "Country State City Dropdown CF7",
"versions": [
{
"version": "0",
"status": "affected",
"lessThanOrEqual": "2.7.2",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| sid | request body | /wp-admin/admin-ajax.php | Unauthenticated SQL injection via sid parameter (cities) and cnt parameter (states) in the WordPress Country State City Dropdown CF7 plugin up to v2.7.2. | CWE-89 |
| cnt | request body | /wp-admin/admin-ajax.php | Unauthenticated SQL injection via sid parameter (cities) and cnt parameter (states) in the WordPress Country State City Dropdown CF7 plugin up to v2.7.2. | CWE-89 |
| action | request body | /wp-admin/admin-ajax.php | Unauthenticated SQL injection via the admin-ajax endpoint using action=tc_csca_get_cities or action=tc_csca_get_states with injected sid/cnt payloads. | CWE-89 |
| nonce_ajax | request body | /wp-admin/admin-ajax.php | Unauthenticated SQL injection via the admin-ajax endpoint using action=tc_csca_get_cities or action=tc_csca_get_states with injected sid/cnt payloads. | CWE-89 |
| sid | request body | /wp-admin/admin-ajax.php | Unauthenticated SQL injection via the admin-ajax endpoint using action=tc_csca_get_cities or action=tc_csca_get_states with injected sid/cnt payloads. | CWE-89 |
| cnt | request body | /wp-admin/admin-ajax.php | Unauthenticated SQL injection via the admin-ajax endpoint using action=tc_csca_get_cities or action=tc_csca_get_states with injected sid/cnt payloads. | CWE-89 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Apr 2026 00:35Current
9.6High risk
Vulners AI Score9.6
CVSS 3.19.8
EPSS0.93237
SSVC