SendGrid SQL Injection Vulnerability Affects WordPress Users
CVE-2024-43965

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Sendgrid For WordPress
Vendor: CVE Published:; 29 August 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The vulnerability in Smackcoders SendGrid for WordPress enables an improper neutralization of special characters in SQL commands, leading to an SQL Injection risk. Attackers can exploit this flaw to execute arbitrary SQL code in the database, potentially allowing unauthorized access to sensitive data or manipulation of the database contents. This issue affects all versions of SendGrid for WordPress prior to 1.4, making it crucial for users to update to the latest version to mitigate potential security threats.

Affected Version(s)

SendGrid for WordPress <= 1.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-43965
Created by RandomRobbieBF

References

https://patchstack.com/database/vulnerability/wp-sendgrid...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Oct 14, 2024
👾
Exploit known to exist
Oct 14, 2024
Vulnerability published
Aug 29, 2024
Vulnerability Reserved
Aug 18, 2024

Credit

Ananda Dhakal (Patchstack)