What is CVE-2024-6926?

CVE-2024-6926 is a vulnerability in Viral Signup, classified under CWE-89 SQL INJECTION. Published 2024-09-04.

Is CVE-2024-6926 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Viral Signup

CVE-2024-6926

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

EPSS: 0.744 (98.9th percentile) — read the EPSS interpretation.

Affected products

Unknown Viral Signup — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
fkie-cad/nvd-json-data-feeds

References

wpscan.com/vulnerability/9ce96ce5-fcf0-4d7a-b562-f63ea3418d93/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2024-6926?: CVE-2024-6926 is a vulnerability in Viral Signup, classified under CWE-89 SQL INJECTION. Published 2024-09-04.
Is CVE-2024-6926 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.