CVE-2024-43965

HIGH NUCLEI

Smackcoders SendGrid for WordPress <= 1.4 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-43965. PoCs published by RandomRobbieBF. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains a functional proof-of-concept for an unauthenticated SQL injection vulnerability in the SendGrid for WordPress plugin (versions up to 1.4). The PoC demonstrates a time-based SQL injection via the 'orderby' parameter in the admin logs page.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection. This issue affects SendGrid for WordPress: from n/a through 1.4.

Exploits (1)

nomisec WORKING POC 1 stars
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-43965

Classification: Working Poc 90%
Attack Type: Sqli
Complexity: Moderate
Reliability: Reliable
Target: SendGrid for WordPress <= 1.4
Auth required
Prerequisites: Access to the WordPress admin interface · Valid session cookies
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

SendGrid for WordPress <= 1.4 - SQL Injection
CRITICAL · VERIFIED · by Shivam Kamboj

Scores

CVSS v3 8.2
EPSS 0.0188
EPSS Percentile 76.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-89
Status published
Products (2)
smackcoders/sendgrid < 1.4
Smackcoders/SendGrid for WordPress < 1.4
Published Aug 29, 2024
Tracked Since Feb 18, 2026