cbcvebase.
CVE-2024-6926
published 2024-09-04


Priority: P269 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 3.29% (87.0th percentile)
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Affected (1 range)

Vendor: wow-company
Product: viral_signup
Version range: <= 2.1
Fixed in: (none listed)

Detection & IOCs (extracted from sources)

sigma
title: CVE-2024-6926 Viral Signup SQLi
logsource:
  category: webserver   # added: Sigma requires a logsource section; the original rule omitted it
detection:
  selection:
    http.uri|contains: 'viral-signup'
    http.request.body|contains:
      - "' OR "
      - "' AND "
      - "UNION SELECT"
    http.response.status_code: 200
  condition: selection
• The SQL injection is triggered via an AJAX action available to unauthenticated users — monitor for unsanitised parameter values in AJAX requests to WordPress wp-admin/admin-ajax.php targeting the Viral Signup plugin (versions <= 2.1).
• The nuclei template targets HTTP responses with status_code 200 as a positive match indicator for successful SQL injection exploitation against the Viral Signup plugin.
• The plugin version affected is 2.1 and below — detect presence of the plugin via path-based fingerprinting (e.g., /wp-content/plugins/viral-signup/) and flag any AJAX calls with SQL metacharacters in parameters.
• The SQL injection is exploitable by unauthenticated users, meaning no authentication bypass is required — WAF rules should apply to all users, not just authenticated sessions.
• The nuclei template digest provided can be used to verify template integrity; the digest value should be validated before deploying the template in production scanning pipelines.
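The Sigma rule above matches raw substrings, so a form-encoded body sent to admin-ajax.php (where `'` arrives as `%27`) would slip past it. The following is an added example, not part of this record or the plugin, that applies the same patterns after URL-decoding and looks for the plugin marker in either the URI or the body; the `action=viral_signup` parameter and the request records are constructed assumptions, not captured traffic.

```python
import re
from urllib.parse import unquote_plus

# Substrings taken from the page's Sigma rule.
SQLI_PATTERNS = ("' OR ", "' AND ", "UNION SELECT")
# Plugin fingerprints: the plugin path from the page and an assumed AJAX
# action name (admin-ajax.php requests carry the plugin name in the body,
# not in the URI, so the URI-only check of the Sigma rule would miss them).
PLUGIN_MARKERS = ("viral-signup", "viral_signup")

def _normalise(text: str) -> str:
    # Decode twice to catch one level of double-encoding, then collapse
    # whitespace so "'  OR" and "'\tOR" still hit the pattern.
    decoded = unquote_plus(unquote_plus(text))
    return re.sub(r"\s+", " ", decoded).upper()

def is_suspicious(req: dict) -> bool:
    """True when a request looks like the SQLi probe the Sigma rule describes.

    req is a constructed dict with keys 'uri', 'body' and 'status'. The
    response status is deliberately not required to be 200: the endpoint
    returns 200 for benign signups too, so it adds no signal on its own."""
    uri = _normalise(req["uri"])
    body = _normalise(req["body"])
    targets_plugin = any(m.upper() in uri or m.upper() in body for m in PLUGIN_MARKERS)
    has_sqli = any(p in uri or p in body for p in SQLI_PATTERNS)
    return targets_plugin and has_sqli

def flag_requests(requests: list) -> list:
    """Indexes of the requests that should raise an alert."""
    return [i for i, r in enumerate(requests) if is_suspicious(r)]

# Constructed sample traffic (not real logs): a benign signup, a raw probe,
# a URL-encoded probe the plain substring rule would miss, and a static asset.
SAMPLE_REQUESTS = [
    {"uri": "/wp-admin/admin-ajax.php", "body": "action=viral_signup&email=a%40b.test", "status": 200},
    {"uri": "/wp-admin/admin-ajax.php", "body": "action=viral_signup&id=1' OR 1=1", "status": 200},
    {"uri": "/wp-admin/admin-ajax.php", "body": "action=viral_signup&id=1%27+UNION+SELECT+1", "status": 200},
    {"uri": "/wp-content/plugins/viral-signup/assets/app.js", "body": "", "status": 200},
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE_REQUESTS))  # [1, 2]
```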