CVE-2024-13726
published 2025-02-17

Priority: P2, 65, high
CVSS 3.1: 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
Exploit / EPSS: 1.91% (77.2nd percentile)
The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

Affected (1 range)

Vendor        Product        Version range   Fixed in
themescoder   themes_coder   <= 1.3.4        (none listed)

Detection & IOCs (extracted from sources)

sigma (rule fragment): status_code == 200
bytes (rule digest as given in the source): 4a0a00473045022100c7214d44bb95ba796a38eafb8c1ec46ffa67c6cf765a66d46487ea9f781cd18702206ad7eed7394c282a8eb65e9fb6e1e765b78201efbde82be42eb06a5ee28e80df:922c64590222798bb761d5b6d8e72950
  • The SQL injection is reachable through an AJAX action exposed to unauthenticated users: monitor the WordPress AJAX endpoint (wp-admin/admin-ajax.php) for requests whose parameters carry SQL metacharacters (a trailing single quote, comment sequences, UNION/SELECT keywords) and whose action belongs to the Coder plugin.
  • Probe and exploit traffic can be fingerprinted by the canary value 6' (a single quote appended to an otherwise numeric value) in the 'Themes Coder Ecommerce' parameter of the request body.
  • The Coder plugin is only confirmed vulnerable through version 1.3.4; scope detections to installations running <= 1.3.4.
  • Because the AJAX action is reachable without authentication, no authentication bypass is required; detection rules must not filter out unauthenticated sessions.
  • The rule digest provided in the source can be used to verify rule integrity; validate the digest before deploying the detection rule in production.
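The detection notes above can be turned into a small triage script. The following is an added example, not code from the advisory or from the Coder plugin: it runs over constructed request events (the field names src_ip, method, path, status, cookie and body are an assumed schema for a reverse proxy or WAF that logs request bodies, and the action name coder_example_action is a placeholder because the advisory does not name the vulnerable action). It applies the rule fragment status_code == 200, keeps only admin-ajax.php requests, flags the 6' canary, and goes beyond the advisory by also matching the other SQL metacharacter patterns a practitioner would watch for, while recording whether the session was unauthenticated.

```python
import re
from urllib.parse import parse_qs

# Constructed sample events (not real traffic from the advisory). The field
# names are an assumed schema for a reverse proxy or WAF that logs request
# bodies; admin-ajax.php is the real WordPress endpoint, but the action name
# "coder_example_action" is a placeholder, since the advisory does not name
# the vulnerable action.
SAMPLE_EVENTS = [
    {  # benign AJAX call from a logged-in user
        "src_ip": "203.0.113.10", "method": "POST", "path": "/wp-admin/admin-ajax.php",
        "status": 200, "cookie": "wordpress_logged_in_1a2b=admin%7Cexample",
        "body": "action=heartbeat&_nonce=deadbeef",
    },
    {  # probe: unauthenticated, numeric parameter with the trailing-quote canary 6'
        "src_ip": "198.51.100.7", "method": "POST", "path": "/wp-admin/admin-ajax.php",
        "status": 200, "cookie": "",
        "body": "action=coder_example_action&product_id=6%27",
    },
    {  # exploit attempt: UNION-based payload against the same parameter
        "src_ip": "198.51.100.7", "method": "POST", "path": "/wp-admin/admin-ajax.php",
        "status": 200, "cookie": "",
        "body": "action=coder_example_action&product_id=6'+UNION+SELECT+user_login,user_pass+FROM+wp_users--+-",
    },
    {  # same payload, but the server answered 500: outside the rule's status filter
        "src_ip": "198.51.100.7", "method": "POST", "path": "/wp-admin/admin-ajax.php",
        "status": 500, "cookie": "",
        "body": "action=coder_example_action&product_id=6'+UNION+SELECT+1,2--+-",
    },
    {  # single quote on an unrelated endpoint: not this rule's concern
        "src_ip": "192.0.2.5", "method": "POST", "path": "/wp-login.php",
        "status": 200, "cookie": "",
        "body": "log=admin'&pwd=x",
    },
]

# Ordered (pattern, label) pairs. The first is the advisory's canary; the rest
# are the generic SQL metacharacter signals a practitioner would also watch for.
SQLI_INDICATORS = [
    (re.compile(r"^\d+'$"), "canary: numeric value with trailing single quote"),
    (re.compile(r"union\s+(all\s+)?select", re.I), "UNION SELECT"),
    (re.compile(r"'\s*(or|and)\s+\S+\s*=", re.I), "boolean tautology"),
    (re.compile(r"\b(sleep|benchmark)\s*\(", re.I), "time-based function"),
    (re.compile(r"(--|/\*|#)"), "SQL comment sequence"),
]

AJAX_PATH = "/wp-admin/admin-ajax.php"


def is_unauthenticated(cookie_header: str) -> bool:
    """WordPress sets a wordpress_logged_in_<hash> cookie for authenticated sessions."""
    return "wordpress_logged_in_" not in (cookie_header or "")


def classify_event(event: dict):
    """Return a finding for a suspicious admin-ajax.php request, else None.

    Mirrors the detection notes: admin-ajax.php path, status_code == 200 (the
    rule fragment in the source), and SQL metacharacters in any body parameter.
    Parameters are URL-decoded first, so %27 is treated the same as a literal quote.
    """
    if event.get("path") != AJAX_PATH or event.get("status") != 200:
        return None
    params = parse_qs(event.get("body", ""), keep_blank_values=True)
    action = params.get("action", [""])[0]
    for name, values in params.items():
        for value in values:
            for pattern, label in SQLI_INDICATORS:
                if pattern.search(value):
                    return {
                        "src_ip": event.get("src_ip"),
                        "action": action,
                        "param": name,
                        "value": value,
                        "indicator": label,
                        "unauthenticated": is_unauthenticated(event.get("cookie", "")),
                    }
    return None


def scan(events):
    """Run classify_event over a batch and keep only the findings."""
    return [f for f in (classify_event(e) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Two practical points follow from the script. Plain web-server access logs do not carry POST bodies, so this logic needs a proxy or WAF that captures them; and the status_code == 200 filter from the rule fragment silently drops attempts the database rejected, which you may still want under a separate, lower-severity rule.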