CVE-2024-32136

HIGH

Xenioushk BWL Advanced FAQ Mgr <2.0.3 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-32136. PoCs published by xbz0n.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2024-32136, a post-authenticated SQL injection vulnerability in BWL Advanced FAQ Manager 2.0.3. It includes a proof-of-concept HTTP request demonstrating time-based SQL injection via the 'date_range' parameter.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3.

Exploits (1)

nomisec WRITEUP 3 stars
by xbz0n · poc
https://github.com/xbz0n/CVE-2024-32136

This repository provides a detailed technical analysis of CVE-2024-32136, a post-authenticated SQL injection vulnerability in BWL Advanced FAQ Manager 2.0.3. It includes a proof-of-concept HTTP request demonstrating time-based SQL injection via the 'date_range' parameter.

Classification
Writeup 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: BWL Advanced FAQ Manager 2.0.3
Auth required
Prerequisites: Authenticated access to the WordPress admin panel · BWL Advanced FAQ Manager plugin version 2.0.3 installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 7.6
EPSS 0.0131
EPSS Percentile 66.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Xenioushk/BWL Advanced FAQ Manager < 2.0.3
Published Apr 15, 2024
Tracked Since Feb 18, 2026