What is CVE-2024-6205?

CVE-2024-6205 is a vulnerability in Payplus Payment Gateway, classified under CWE-89 SQL INJECTION. Published 2024-07-19.

Is CVE-2024-6205 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Payplus Payment Gateway

CVE-2024-6205

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vuln…

EPSS: 0.902 (99.6th percentile) — read the EPSS interpretation.

Affected products

Unknown Payplus Payment Gateway — versions 0

Public proof-of-concept exploits

j3r1ch0123/CVE-2024-6205
20142995/nuclei-templates
cyberdyne-ventures/predictions
nomi-sec/PoC-in-GitHub
opendr-io/causality

References

wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2024-6205?: CVE-2024-6205 is a vulnerability in Payplus Payment Gateway, classified under CWE-89 SQL INJECTION. Published 2024-07-19.
Is CVE-2024-6205 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.