CVE-2024-43965
Published 2024-08-29
Priority P266, critical, 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 1.88% (76.8th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection. This issue affects SendGrid for WordPress: from n/a through 1.4.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| smackcoders | sendgrid | <= 1.4 | — |
| smackcoders | sendgrid_for_wordpress | n/a – 1.4 | — |
Detection & IOCs (extracted from sources)
sigma
contains_all(body, "wp-mailplus", "SendGrid")
- Look for HTTP requests targeting the SendGrid for WordPress (wp-mailplus) plugin that contain SQL injection payloads; the plugin is vulnerable through version 1.4.
- Fingerprint requests by the co-presence of the 'wp-mailplus' and 'SendGrid' strings in the HTTP body to identify exploitation attempts against this plugin.
- The vulnerability affects SendGrid for WordPress versions from n/a through 1.4 only; patched versions are not affected.
- The Sigma/detection rule digest provided should be validated before deployment: verify that the rule hash matches your trusted source before using it in production.
No detection rules found.
Nuclei
SendGrid for WordPress <= 1.4 - SQL Injection
nuclei·CVSS 9.8
CVE-2024-43965 [CRITICAL] SendGrid for WordPress <= 1.4 - SQL Injection
SendGrid for WordPress = 8'
- 'contains_all(body, "wp-mailplus", "SendGrid")'
condition: and
# digest: 4a0a00473045022100bfd34cb8c4cd14362bf65c361bd019d6ecae82d2c8f564cf86257b6e626fcf53022058250c25225c165869509351bf8dfa23cb99bf0b7005bf093d5402936d71e3f3:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
Published: 2024-08-29