Unauthenticated SQL Injection Vulnerability in TrueBooker WordPress Plugin
CVE-2024-6924
Key Information:
- Vendor
- Wordpress
- Status
- Vendor
- CVE Published:
- 8 September 2024
Badges
Summary
A vulnerability exists in the TrueBooker WordPress plugin that allows unauthenticated users to execute SQL injection attacks. The flaw arises from insufficient sanitization and escaping of a parameter submitted via AJAX, which is then incorporated into SQL statements. This can lead to unauthorized access to the WordPress database, exposing sensitive information and potentially compromising the integrity of the website. Users are advised to update to version 1.0.3 or later to mitigate the risk associated with this vulnerability.
Affected Version(s)
TrueBooker 0 < 1.0.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved