CVE-2024-9796

CRITICAL NUCLEI

Internet-formation Wp-advanced-search < 3.3.9.2 - SQL Injection

Title source: rule

Description

The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

Exploits (5)

nomisec WORKING POC 2 stars
by yup-Ivan · poc
https://github.com/yup-Ivan/CVE-2024-9796
nomisec WORKING POC 2 stars
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-9796
nomisec WORKING POC 1 star
by BwithE · poc
https://github.com/BwithE/CVE-2024-9796
nomisec STUB 1 star
by viniciuslazzari · poc
https://github.com/viniciuslazzari/CVE-2024-9796

Nuclei Templates (1)

WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection
CRITICAL · VERIFIED · by s4e-io
FOFA: body="/wp-content/plugins/wp-advanced-search/"

Scores

CVSS v3 9.8
EPSS 0.8312
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
internet-formation/wp-advanced-search < 3.3.9.2
Published Oct 10, 2024
Tracked Since Feb 18, 2026