cve/CVE-2024-13184.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.3 KiB

Raw Permalink Blame History

CVE-2024-13184

Description

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

POC

Reference

No PoCs from references.

Github

https://github.com/20142995/nuclei-templates
https://github.com/RandomRobbieBF/CVE-2024-13184
https://github.com/cyb3r-w0lf/nuclei-template-collection
https://github.com/fkie-cad/nvd-json-data-feeds

1.3 KiB Raw Permalink Blame History Unescape Escape

CVE-2024-13184

Description

POC

Reference

Github

1.3 KiB

Raw Permalink Blame History