Lucene search
WPScanCVELIST:CVE-2024-6924HistorySep 08, 2024 - 6:00 a.m.
CVE-2024-6924 TrueBooker < 1.0.3 - Multiple Unauthenticated SQLi
2024-09-0806:00:03
WPScan
www.cve.org
4
cve-2024-6924
truebooker
wordpress
sqli
unauthenticated
ajax
EPSS
0.006
Percentile
79.5%
The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
CNA Affected
[
{
"vendor": "Unknown",
"product": "TrueBooker",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "1.0.3"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-6924
2024-09-08 06:15:02
vulnrichment
vulnrichment
CVE-2024-6924 TrueBooker < 1.0.3 - Multiple Unauthenticated SQLi
2024-09-08 06:00:03
cve
cve
CVE-2024-6924
2024-09-08 06:15:02
wordfence
wordfence