What is CVE-2024-5765?

CVE-2024-5765 is a vulnerability in Wpstickybar, classified under CWE-89 SQL INJECTION. Published 2024-07-30.

Is CVE-2024-5765 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Wpstickybar

CVE-2024-5765

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

EPSS: 0.774 (99.0th percentile) — read the EPSS interpretation.

Affected products

Unknown Wpstickybar — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores

References

wpscan.com/vulnerability/0b73f84c-611e-4681-b362-35e721478ba4/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2024-5765?: CVE-2024-5765 is a vulnerability in Wpstickybar, classified under CWE-89 SQL INJECTION. Published 2024-07-30.
Is CVE-2024-5765 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.