CVE-2024-43918

CRITICAL

WBW Product Table PRO < 1.9.4 - Unauthenticated SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-43918. PoCs published by KTN1990.

AI-analyzed exploit summary: This repository contains a functional Python exploit for CVE-2024-43918, targeting an unauthenticated SQL injection vulnerability in the WBW Product Table Pro WordPress plugin (versions <= 1.9.4). The exploit automates the creation of an admin user via arbitrary SQL queries, demonstrating remote code execution potential.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection. This issue affects WBW Product Table PRO: from n/a through 1.9.4.

Exploits (1)

nomisec WORKING POC 3 stars
by KTN1990 · poc
https://github.com/KTN1990/CVE-2024-43918

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WBW Product Table Pro WordPress plugin <= 1.9.4
No auth needed
Prerequisites: Python 3 · list of target URLs
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 10.0
EPSS 0.0149
EPSS Percentile 70.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-89
Status published
Products (2)
WBW/WBW Product Table PRO < 1.9.4
woobewoo/product_table < 1.9.5
Published Aug 29, 2024
Tracked Since Feb 18, 2026