cbcvebase.
CVE-2024-43965
published 2024-08-29

CVE-2024-43965: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL…

Priority: P266
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 1.88% (76.8th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection. This issue affects SendGrid for WordPress: from n/a through 1.4.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
smackcoders | sendgrid | <= 1.4 |
smackcoders | sendgrid_for_wordpress | n/a – 1.4 |

Detection & IOCs (extracted from sources)

sigma
contains_all(body, "wp-mailplus", "SendGrid")
  • Look for HTTP requests targeting the SendGrid for WordPress (wp-mailplus) plugin containing SQL injection payloads; the plugin is vulnerable through version 1.4.
  • Fingerprint requests by the co-presence of 'wp-mailplus' and 'SendGrid' strings in the HTTP body to identify exploitation attempts against this plugin.
  • The vulnerability affects SendGrid for WordPress versions from n/a through 1.4 only; patched versions are not affected.
  • The Sigma/detection rule digest provided should be validated before deployment: verify the rule hash matches your trusted source before use in production.