CVE-2024-6205

CRITICAL EXPLOITED NUCLEI

PayPlus Payment Gateway <6.6.9 - SQL Injection

Title source: llm

Description

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.

Exploits (1)

nomisec WORKING POC 1 stars

by j3r1ch0123 · infoleak

https://github.com/j3r1ch0123/CVE-2024-6205

View Code ZIP pw:eip

Nuclei Templates (1)

PayPlus Payment Gateway < 6.6.9 - SQL Injection

CRITICALby s4e-io

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/

Scores

CVSS v3 9.8

EPSS 0.9037

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-01-22

CWE

CWE-89

Status published

Products (1)

payplus/payplus_payment_gateway < 6.6.9

Published Jul 19, 2024

Tracked Since Feb 18, 2026