CVE-2024-6159
Published 2025-05-15
Priority: P269 · critical · 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit likelihood (EPSS): 2.49% (82.6th percentile)
The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pnfpb | push_notification_for_post_and_buddypress | < 1.9.4 | 1.9.4 |
Detection & IOCs (extracted from sources)
- The vulnerability is a SQL injection triggered via an AJAX action accessible to unauthenticated users. Monitor WordPress AJAX endpoints (wp-admin/admin-ajax.php) for unsanitised parameter values characteristic of SQL injection payloads originating from unauthenticated requests targeting the Push Notification for Post and BuddyPress plugin (versions before 1.9.4).
- Flag any requests to wp-admin/admin-ajax.php from unauthenticated sessions that include SQL metacharacters (e.g. single quotes, UNION, SELECT, --) in parameters associated with the Push Notification for Post and BuddyPress plugin.
- The Sigma rule digest is embedded in the rule comment and can be used to verify rule integrity/authenticity.
- Only plugin versions before 1.9.4 are vulnerable. Ensure version detection is part of your asset inventory to scope detection efforts.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 6.1 | MEDIUM | — |
GHSA
GHSA-w589-4j7g-6889 · ghsa_unreviewed · 2025-05-15 · CVE-2024-6159 [CRITICAL] · CWE-89
The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
OSV
python-tornado vulnerabilities · osv · 2024-12-11 · CVSS 6.1 · CVE-2023-28370
It was discovered that Tornado incorrectly handled a certain redirect. A remote attacker could possibly use this issue to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. This issue was only addressed in Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. Ubuntu 16.04 LTS was previously addressed in USN-6159-1. (CVE-2023-28370)
It was discovered that Tornado inefficiently handled requests when parsing cookies. An attacker could possibly use this issue to increase resource utilization leading to a denial of service. (CVE-2024-52804)
No detection rules found.
Nuclei
Push Notification for Post and BuddyPress <= 1.93 - SQL Injection · nuclei · CVE-2024-6159 [CRITICAL] · CVSS 9.8
Template fragment (only the tail of the template survives in the source):
    Push Notification for Post and BuddyPress =6'
    - 'contains(content_type,"text/html")'
    - 'status_code == 200'
    condition: and
    # digest: 4a0a00473045022033996516d0083801d7aeaea28de7ac267959b9749b4b176e606d7fb91b5e5266022100d6b407045b5d6b2ff57c854090d9c6a6bfe5d2940dd21917f73311ecdd34bd09:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.