Lucene search
WPScanVULNRICHMENT:CVE-2024-6205HistoryJul 19, 2024 - 6:00 a.m.
CVE-2024-6205 PayPlus Payment Gateway < 6.6.9 - Unauthenticated SQLi
2024-07-1906:00:06
WPScan
github.com
7
cve-2024-6205
payplus
sql injection
AI Score
7.6
Confidence
High
EPSS
0.013
Percentile
86.1%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:payplus_ltd:payplus_payment_gateway:*:*:*:*:*:*:*:*"
],
"vendor": "payplus_ltd",
"product": "payplus_payment_gateway",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "6.6.9",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
CVE-2024-6205 PayPlus Payment Gateway < 6.6.9 - Unauthenticated SQLi
2024-07-19 06:00:06
nvd
nvd
CVE-2024-6205
2024-07-19 06:15:03
packetstorm
packetstorm
WordPress PayPlus Payment Gateway SQL Injection
2024-08-07 00:00:00
zdt
zdt
WordPress PayPlus Payment Gateway SQL Injection Exploit
2024-08-07 00:00:00
githubexploit
githubexploit
Exploit for SQL Injection in Payplus Payplus Payment Gateway
2024-07-21 04:59:31
nuclei
nuclei
PayPlus Payment Gateway < 6.6.9 - SQL Injection
2024-07-19 18:36:26
cve
cve
CVE-2024-6205
2024-07-19 06:15:03
wordfence
wordfence
AI Score
7.6
Confidence
High
EPSS
0.013
Percentile
86.1%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-6205