Lucene search
WPScanCVE-2024-6926HistorySep 04, 2024 - 6:15 a.m.
CVE-2024-6926
2024-09-0406:15:17
WPScan
web.nvd.nist.gov
24
viral signup
wordpress
sql injection
unauthenticated users
ajax action
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
22.2%
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
Affected configurations
Node
lapostalaposta_signup_basicRange≤2.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| laposta | laposta_signup_basic | * | cpe:2.3:a:laposta:laposta_signup_basic:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Viral Signup",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "2.1"
}
],
"defaultStatus": "affected"
}
]Related
vulnrichment
vulnrichment
CVE-2024-6926 Viral Signup <= 2.1 - Unauthenticated SQLi
2024-09-04 06:00:04
nvd
nvd
CVE-2024-6926
2024-09-04 06:15:17
cvelist
cvelist
CVE-2024-6926 Viral Signup <= 2.1 - Unauthenticated SQLi
2024-09-04 06:00:04
wordfence
wordfence
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
22.2%
Related for CVE-2024-6926