CVE-2024-6205
Published 2024-07-19
Priority: P1 82 · Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
In-the-wild exploit · VulnCheck KEV · Exploited in the wild
EPSS: 4.17% (89.6th percentile)
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| payplus | payplus_payment_gateway | < 6.6.9 | 6.6.9 |
Detection & IOCs (extracted from sources)
- The SQL injection is exploitable by unauthenticated users via a WooCommerce API route; monitor for anomalous or unauthenticated requests to WooCommerce API endpoints in PayPlus plugin paths.
- The detection template triggers on HTTP 302 redirect responses whose body matches the regex '^-1$' and whose content-type is text/html, indicative of a time-based or boolean-based SQLi probe response from the vulnerable endpoint.
- The nuclei-style template targets PayPlus Payment Gateway versions equal to or greater than 6 ("PayPlus Payment Gateway =6"); scope detection to sites running this plugin version range.
- The detection condition requires all three matchers to fire simultaneously (AND logic): HTTP 302 status, body matching '^-1$', and text/html content-type. Tuning may be needed to reduce false positives in environments where 302 redirects are common.
CVSS provenance
- nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vulncheck: 9.8 CRITICAL
GHSA
GHSA-h8w3-xwp6-m9v8 (ghsa, unreviewed, 2024-07-19) · CVE-2024-6205 [CRITICAL] · CWE-89
Description: identical to the NVD text above.
VulnCheck
CVE-2024-6205 [CRITICAL] · vulncheck · 2024 · CVSS 9.8
payplus payplus_payment_gateway: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description: identical to the NVD text above.
Affected: payplus payplus_payment_gateway
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-01-22&host_type=src&vulnerability=cve-2024-6205; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?
No detection rules found.
Nuclei
PayPlus Payment Gateway < 6.6.9 - SQL Injection · CVE-2024-6205 [CRITICAL] · nuclei · CVSS 9.8
Template fragment as shown on the page (the part of the template preceding the matchers is cut off):
```text
PayPlus Payment Gateway =6"
      - "status_code == 302"
      - "regex('^-1$', body)"
      - 'contains(content_type,"text/html")'
    condition: and
# digest: 490a00463044022044e429fbefdf11f9ff17225418f182f4492a712a7d2fa5352fdf5ed67a6bcf8102200d18b096a857dc8153eeafae405f698a50aaa43a8bc27bbda3e71cecb910f324:922c64590222798bb761d5b6d8e72950
```
Bugzilla
CVE-2020-25219 [HIGH] libproxy: uncontrolled recursion via an infinite stream response leading to stack exhaustion · bugzilla · 2020-09-18 · CVSS 7.5
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
Upstream Reference: https://github.com/libproxy/libproxy/issues/134
Discussion:
Created libproxy tracking bugs for this issue:
Affects: fedora-all [bug 1880350]
---
*** Bug 1883568 has been marked as a duplicate of this bug. ***
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.8 Extended Update Support
Via RHSA-2024:6205 https://access.redhat.com/errata/RHSA-2024:6205