What is CVE-2024-9796?

CVE-2024-9796 is a vulnerability in Wp-advanced-search, classified under CWE-89 SQL INJECTION. Published 2024-10-10.

Is CVE-2024-9796 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Wp-advanced-search

CVE-2024-9796

The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

EPSS: 0.831 (99.3th percentile) — read the EPSS interpretation.

Affected products

Unknown Wp-advanced-search — versions 0

Public proof-of-concept exploits

RandomRobbieBF/CVE-2024-9796
yup-Ivan/CVE-2024-9796
BwithE/CVE-2024-9796
viniciuslazzari/CVE-2024-9796
fkie-cad/nvd-json-data-feeds
issamjr/CVE-2024-9796
nomi-sec/PoC-in-GitHub
plzheheplztrying/cve_
zulloper/cve-poc
PuddinCat/GithubRepoSpider

References

wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2024-9796?: CVE-2024-9796 is a vulnerability in Wp-advanced-search, classified under CWE-89 SQL INJECTION. Published 2024-10-10.
Is CVE-2024-9796 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.