exploitDog

CVE-2024-6159

Опубликовано: 15 мая 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

Ссылки

https://wpscan.com/vulnerability/de20ebda-b0bc-489e-a8d3-e9487a2b48e8/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/de20ebda-b0bc-489e-a8d3-e9487a2b48e8/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pnfpb:push_notification_for_post_and_buddypress:*:*:*:*:*:wordpress:*:*

Версия до 1.9.4 (исключая)

EPSS

Процентиль: 93%

0.09844

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-w589-4j7g-6889

CVSS3: 9.8

github

9 месяцев назад

The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

EPSS

Процентиль: 93%

0.09844

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89