CVE-2024-9796
published 2024-10-10


Priority: P268
Severity: critical, CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: flagged
EPSS: 2.99% (85.6th percentile)
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

Affected

1 range

Vendor               Product             Version range   Fixed in
internet-formation   wp-advanced-search  < 3.3.9.2       3.3.9.2

Detection & IOCs (extracted from sources)

url:   /wp-content/plugins/wp-advanced-search/class.inc/autocompletion/autocompletion-PHP5.5.php?q=admin&t=wp_users%20--&f=user_login&type=&e
path:  /wp-content/plugins/wp-advanced-search/class.inc/autocompletion/autocompletion-PHP5.5.php
other: t=wp_users%20--
  • Monitor GET requests to the autocompletion-PHP5.5.php endpoint with a 't' parameter containing SQL comment sequences (e.g., '--') as an indicator of SQLi exploitation.
  • Use FOFA/Shodan-style fingerprinting to identify exposed instances of the vulnerable plugin via body content.
  • The vulnerable parameter is 't' in the autocompletion endpoint; unauthenticated SQL injection is possible by appending arbitrary SQL via this parameter without any authentication.
  • The vulnerability affects all versions up to and including 3.3.9; the fix is present in version 3.3.9.2 and later. Ensure version checks in detection rules account for this boundary.
  • The SQL injection is of the append/stacked-query type (unauthenticated), targeting the autocompletion endpoint specifically in autocompletion-PHP5.5.php; detection should focus on this file path rather than generic WordPress SQLi patterns.
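The detection guidance above, turned into a small log scanner as an added example (not code from the CVE record or the plugin): it inspects only requests to the autocompletion-PHP5.5.php path and flags a 't' value that is not a bare table name, reporting which SQL marker sequences (such as '--') it contains. It assumes a legitimate 't' is a plain WordPress table name and uses constructed access-log lines in common log format.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint from the IOC list on this page; only requests to this path are inspected
VULN_PATH = "/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/autocompletion-PHP5.5.php"
# Assumption: a legitimate 't' value is a bare WordPress table name (letters, digits, underscores)
TABLE_NAME_RE = re.compile(r"^[A-Za-z0-9_]+$")
# Sequences that never belong in a table name and are typical of SQL injection payloads
SQL_MARKERS = ("--", "/*", "#", ";", "'", '"', " ")
# Common access-log format (constructed regex, sufficient for the sample lines below)
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')

def inspect_request(target):
    """Return a finding for a request to the autocompletion endpoint whose 't' is not a plain table name, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith(VULN_PATH):  # path check first, as the note above recommends
        return None
    for t in parse_qs(parts.query, keep_blank_values=True).get("t", []):  # parse_qs already URL-decodes
        if not TABLE_NAME_RE.match(t):
            return {"t": t, "markers": [m for m in SQL_MARKERS if m in t]}
    return None

def scan_log(lines):
    """Run inspect_request over access-log lines and collect findings with source IP, timestamp and status."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = inspect_request(m.group("target"))
        if finding:
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"), "status": m.group("status"), **finding})
    return findings

# Constructed sample log lines: one benign autocompletion request, one matching the IOC above, one unrelated
LOG_LINES = [
    '203.0.113.5 - - [10/Oct/2024:12:00:01 +0000] "GET /wp-content/plugins/wp-advanced-search/class.inc/autocompletion/autocompletion-PHP5.5.php?q=adm&t=wp_posts&f=post_title&type=&e HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2024:12:00:09 +0000] "GET /wp-content/plugins/wp-advanced-search/class.inc/autocompletion/autocompletion-PHP5.5.php?q=admin&t=wp_users%20--&f=user_login&type=&e HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Oct/2024:12:00:10 +0000] "GET /wp-login.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for f in scan_log(LOG_LINES):
        print(f"{f['ts']} {f['ip']} status={f['status']} t={f['t']!r} markers={f['markers']}")
```

A 200 response on the flagged request is worth noting in triage, since the version boundary above (fixed in 3.3.9.2) decides whether the injection could have succeeded.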