CVE-2024-9796

CRITICAL · NUCLEI

WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection via t Parameter

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2024-9796. PoCs published by yup-Ivan, RandomRobbieBF, BwithE. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a functional PoC for CVE-2024-9796, demonstrating SQL injection in the WP Advanced Search plugin for WordPress via unsanitized GET parameters. The exploit targets the autocompletion endpoint to extract user credentials or database information.

Description

The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

Exploits (4)

nomisec WORKING POC 2 stars
by yup-Ivan · poc
https://github.com/yup-Ivan/CVE-2024-9796

This is a functional PoC for CVE-2024-9796, demonstrating SQL injection in the WP Advanced Search plugin for WordPress via unsanitized GET parameters. The exploit targets the autocompletion endpoint to extract user credentials or database information.

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: WP Advanced Search plugin for WordPress <= 3.3.9.2
Authentication: No auth needed
Prerequisites: WordPress with vulnerable WP Advanced Search plugin installed · Access to the autocompletion endpoint
Analyzed by devstral-2 · Feb 16, 2026
nomisec WORKING POC 2 stars
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-9796

This repository provides a proof-of-concept for an unauthenticated SQL injection vulnerability in the WordPress WP-Advanced-Search plugin (versions up to 3.3.9). The exploit leverages a time-based blind SQL injection via the 'f' parameter in an autocompletion endpoint.

Classification: Working PoC (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: WordPress WP-Advanced-Search <= 3.3.9
Authentication: No auth needed
Prerequisites: Target running vulnerable version of WP-Advanced-Search plugin · Access to the autocompletion endpoint
Analyzed by devstral-2 · Feb 16, 2026
nomisec WORKING POC 1 star
by BwithE · poc
https://github.com/BwithE/CVE-2024-9796

This PoC demonstrates an unauthenticated SQL injection vulnerability in WP-Advanced-Search < 3.3.9.2, allowing an attacker to dump WordPress user credentials and password hashes. The exploit constructs a malicious SQL query via URL parameters to extract data from the wp_users table.

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: WP-Advanced-Search < 3.3.9.2
Authentication: No auth needed
Prerequisites: Target must have WP-Advanced-Search plugin installed and vulnerable version · Plugin endpoint must be accessible
Analyzed by devstral-2 · Feb 16, 2026
nomisec STUB 1 star
by viniciuslazzari · poc
https://github.com/viniciuslazzari/CVE-2024-9796

The repository appears to be a stub or placeholder for CVE-2024-9796, containing standard WordPress files without any exploit code or clear vulnerability demonstration. The README incorrectly references CVE-2024-9797, suggesting a possible typo or mislabeling.

Classification: Stub (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: WordPress (version unspecified)
Authentication: No auth needed
Prerequisites: None identified
Analyzed by devstral-2 · Feb 16, 2026

Nuclei Templates (1)

WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection
CRITICAL · VERIFIED · by s4e-io
FOFA: body="/wp-content/plugins/wp-advanced-search/"

References (1)

Core References (1)
Tags: Exploit, Third Party Advisory · exploit, vdb-entry, technical-description
https://wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/

Scores

CVSS v3: 9.8
EPSS: 0.8312
EPSS Percentile: 99.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-89
Status: published
Products (1): internet-formation/wp-advanced-search < 3.3.9.2
Published: Oct 10, 2024
Tracked Since: Feb 18, 2026