cbcvebase.
CVE-2024-30502
published 2024-03-29


Priority: P265
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.27% (80.8th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine. This issue affects WP Travel Engine: from n/a through 5.7.9.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| wp_travel_engine | wp_travel_engine | n/a – 5.7.9 | |
| wptravelengine | wp_travel_engine | < 5.8.0 | 5.8.0 |

Detection & IOCs (extracted from sources)

sigma
status_code == 200
condition: and
  • Look for SQL injection attempts targeting WP Travel Engine plugin versions up to and including 5.7.9
  • A Sigma-style rule digest is associated with detection of this CVE: 4b0a00483046022100c9d19ccb4aa8b57cddf287c4c4352e988b60909192fdf6aef305bf6a01aae2e5022100ab1af50520ce48d9d107b6c6044b8dadab36e15faf229d7e95d91b9a18c65991:922c64590222798bb761d5b6d8e72950
  • The detection rule fragment is incomplete: only a partial condition ('status_code == 200') and a digest are present in the source; full rule logic (filters, field mappings, SQL injection payload patterns) is not available from the provided sources.
  • The affected version range is only bounded on the upper end (through 5.7.9); no lower bound ('from n/a') is specified, meaning all prior versions should be considered in scope.