CVE-2024-30502
Published 2024-03-29
CVE-2024-30502: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine. This issue affects WP Travel Engine…
Priority P2 65 · critical 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.27% (80.8th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine. This issue affects WP Travel Engine: from n/a through 5.7.9.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wp_travel_engine | wp_travel_engine | n/a – 5.7.9 | — |
| wptravelengine | wp_travel_engine | < 5.8.0 | 5.8.0 |
Detection & IOCs
sigma
status_code == 200 condition: and
- Look for SQL injection attempts targeting WP Travel Engine plugin versions up to and including 5.7.9.
- A Sigma-style rule digest is associated with detection of this CVE: 4b0a00483046022100c9d19ccb4aa8b57cddf287c4c4352e988b60909192fdf6aef305bf6a01aae2e5022100ab1af50520ce48d9d107b6c6044b8dadab36e15faf229d7e95d91b9a18c65991:922c64590222798bb761d5b6d8e72950
- The detection rule fragment is incomplete: only a partial condition ('status_code == 200') and a digest are present in the source; full rule logic (filters, field mappings, SQL injection payload patterns) is not available from the provided sources.
- Affected version range is only bounded on the upper end (through 5.7.9); no lower bound ('from n/a') is specified, meaning all prior versions should be considered in scope.
No detection rules found.
Nuclei
WP Travel Engine <= 5.7.9 - SQL Injection
nuclei·CVSS 9.8
CVE-2024-30502 [CRITICAL] WP Travel Engine <= 5.7.9 - SQL Injection
WP Travel Engine =7'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100c9d19ccb4aa8b57cddf287c4c4352e988b60909192fdf6aef305bf6a01aae2e5022100ab1af50520ce48d9d107b6c6044b8dadab36e15faf229d7e95d91b9a18c65991:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/wp-travel-engine/wordpress-wp-travel-engine-plugin-5-7-9-unauth-blind-sql-injection-vulnerability?_s_id=cve
Published: 2024-03-29