What is CVE-2024-6928?

CVE-2024-6928 is a vulnerability in Opti Marketing, classified under CWE-89 SQL INJECTION. Published 2024-09-08.

Is CVE-2024-6928 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Opti Marketing

CVE-2024-6928

The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

EPSS: 0.765 (99.0th percentile) — read the EPSS interpretation.

Affected products

Unknown Opti Marketing — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
fkie-cad/nvd-json-data-feeds

References

wpscan.com/vulnerability/7bb9474f-2b9d-4856-b36d-a43da3db0245/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2024-6928?: CVE-2024-6928 is a vulnerability in Opti Marketing, classified under CWE-89 SQL INJECTION. Published 2024-09-08.
Is CVE-2024-6928 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.