CVE-2024-54292

CRITICAL

Appsplate <= 2.1.3 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-54292. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary This repository contains a proof-of-concept for CVE-2024-54292, an unauthenticated SQL injection vulnerability in the Appsplate WordPress plugin (versions up to 2.1.3). The PoC demonstrates the use of sqlmap to exploit the vulnerability via the 'code' parameter in a GET request.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsplate Appsplate appsplate allows SQL Injection.This issue affects Appsplate: from n/a through <= 2.1.3.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-54292

This repository contains a proof-of-concept for CVE-2024-54292, an unauthenticated SQL injection vulnerability in the Appsplate WordPress plugin (versions up to 2.1.3). The PoC demonstrates the use of sqlmap to exploit the vulnerability via the 'code' parameter in a GET request.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Appsplate WordPress plugin <= 2.1.3
No auth needed
Prerequisites: Access to the target WordPress site with the vulnerable Appsplate plugin installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.3
EPSS 0.0077
EPSS Percentile 50.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
Appsplate/Appsplate < 2.1.3
appsplate/Appsplate < 2.1.3
Published Dec 13, 2024
Tracked Since Feb 18, 2026