What is CVE-2024-6924?

CVE-2024-6924 is a vulnerability in Truebooker, classified under CWE-89 SQL INJECTION. Published 2024-09-08.

Is CVE-2024-6924 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Truebooker

CVE-2024-6924

The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

EPSS: 0.765 (99.0th percentile) — read the EPSS interpretation.

Affected products

Unknown Truebooker — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
fkie-cad/nvd-json-data-feeds

References

wpscan.com/vulnerability/39e79801-6ec7-4579-bc6b-fd7e899733a8/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2024-6924?: CVE-2024-6924 is a vulnerability in Truebooker, classified under CWE-89 SQL INJECTION. Published 2024-09-08.
Is CVE-2024-6924 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.