CVE-2024-6928
Published 2024-09-08

The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Priority: P269 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit likelihood (EPSS): 3.29% (86.9th percentile)
Affected (1 range):
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opti.marketing | opti_marketing | <= 2.0.9 | — |
Detection & IOCs (extracted from sources)

Snort:
```
alert http any any -> any any (msg:"CVE-2024-6928 Opti Marketing WordPress SQLi"; flow:to_server,established; content:"POST"; http_method; content:"/wp-admin/admin-ajax.php"; http_uri; content:"action="; http_client_body; pcre:"/(['\"]|%20|%27|%22)+(union|select|insert|update|delete|drop|--)/Pi"; sid:20246928; rev:1;)
```
- The SQL injection is triggered via an unauthenticated AJAX action — monitor POST requests to /wp-admin/admin-ajax.php from unauthenticated sessions (no valid WordPress auth cookies) containing SQL metacharacters or keywords in body parameters.
- The nuclei template targets HTTP 200 responses specifically — a successful blind/error-based SQLi probe returning HTTP 200 from admin-ajax.php against the Opti Marketing plugin should be treated as a confirmed hit.
- The plugin version range affected is up to and including 2.0.9 — fingerprint the installed plugin version via /wp-content/plugins/opti-marketing/readme.txt or similar to identify vulnerable installations.
- The nuclei template digest/signature is present but the source URL for the template is blank — the template provenance cannot be fully verified from the provided sources.
- The specific AJAX action name (the `action=` parameter value) used by the vulnerable Opti Marketing plugin endpoint is not disclosed in the available sources — detections based solely on admin-ajax.php may produce false positives without the exact action name.
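The log-side detection described in the first and last notes above, as an added example (not part of this CVE record or of any vendor tooling): flag POST requests to /wp-admin/admin-ajax.php that carry no WordPress login cookie and whose body parameters contain SQL metacharacters or keywords, and report the `action=` value so an analyst can triage the false positives the last note warns about. The log format, the sample lines and the `PLACEHOLDER_ACTION` name are constructed for the example; real web servers do not log request bodies or cookies in this shape by default.

```python
"""
Added example: triage helper for the CVE-2024-6928 detection idea.
Input is a constructed log format (illustrative, not a real server format):
  <ip> <method> <path> <status> cookie="<Cookie header>" body="<request body>"
"""
import re
from urllib.parse import parse_qs, unquote_plus

# Parser for the constructed log format above.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) '
    r'cookie="(?P<cookie>[^"]*)" body="(?P<body>[^"]*)"$'
)

# Logged-in WordPress sessions carry a cookie named wordpress_logged_in_<hash>.
AUTH_COOKIE_RE = re.compile(r'(^|;\s*)wordpress_logged_in_[0-9a-f]+=')

# SQL metacharacters and keywords, matched after URL decoding so that
# %27 (quote) or %2527 (double-encoded quote) cannot hide them.
SQLI_RE = re.compile(
    r"""(['"`]|--|/\*|\b(union|select|insert|update|delete|drop|sleep|benchmark)\b)""",
    re.IGNORECASE,
)


def is_authenticated(cookie_header):
    """True when the Cookie header carries a WordPress login cookie."""
    return bool(AUTH_COOKIE_RE.search(cookie_header))


def suspicious_params(body):
    """Return {param: decoded value} for body parameters that look like SQLi."""
    hits = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for v in values:
            decoded = unquote_plus(v)  # parse_qs decoded once; handle one more layer
            if SQLI_RE.search(decoded):
                hits[name] = decoded
    return hits


def triage(line):
    """Return a finding dict for a line matching the detection, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    if m["method"] != "POST" or not m["path"].startswith("/wp-admin/admin-ajax.php"):
        return None
    if is_authenticated(m["cookie"]):
        return None  # pre-auth vector: logged-in traffic is out of scope here
    params = suspicious_params(m["body"])
    if not params:
        return None
    action = parse_qs(m["body"]).get("action", ["<none>"])[0]
    return {"ip": m["ip"], "action": action, "status": int(m["status"]), "params": params}


def scan(lines):
    """Run triage over an iterable of log lines and collect the findings."""
    return [f for f in (triage(line) for line in lines) if f]


# Constructed sample lines (not real traffic). The action name for the
# vulnerable endpoint is not public, so PLACEHOLDER_ACTION stands in for it.
SAMPLE_LOG = [
    # benign unauthenticated call
    '203.0.113.5 POST /wp-admin/admin-ajax.php 200 cookie="" body="action=heartbeat&data=1"',
    # logged-in editor: SQL keyword in content, but the session is authenticated
    '198.51.100.7 POST /wp-admin/admin-ajax.php 200 cookie="wordpress_logged_in_ab12cd=alice|123" body="action=save&content=select+a+plan"',
    # unauthenticated request with an encoded quote and UNION in a parameter
    '192.0.2.9 POST /wp-admin/admin-ajax.php 200 cookie="wp-settings-time-1=1" body="action=PLACEHOLDER_ACTION&id=1%27+union+select+1"',
    # different endpoint and method: ignored
    '192.0.2.9 GET /wp-login.php 200 cookie="" body=""',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The cookie check is what separates this from the Snort rule above: the rule fires on any client body with SQL tokens, whereas the helper drops traffic from logged-in sessions, which is where most legitimate content containing words like `select` or `update` originates on a WordPress site.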
No detection rules found.

Nuclei template: Opti Marketing <= 2.0.9 - SQL Injection (CVSS 9.8)
Template output line: CVE-2024-6928 [CRITICAL] Opti Marketing <= 2.0.9 - SQL Injection

Only a fragment of the template body survived extraction (the request and matcher definitions are missing):
```yaml
Opti Marketing =6'
    - 'status_code == 200'
condition: and
# digest: 4b0a00483046022100a7969d8db57adf62e7dfbba5a7bf498146b6762e8b1157832fb9bfada448ce5a0221008510ffdfda6a6cc2814c98f8865d74e469b430853fbbbef413460597d9cca114:922c64590222798bb761d5b6d8e72950
```