CVE-2024-9796
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-9796 identifies a critical vulnerability in the WP-Advanced-Search WordPress plugin prior to version 3.3.9.2, allowing unauthenticated users to execute SQL injection attacks due to improper sanitization of the "t" parameter in SQL statements. This flaw affects multiple products, including 'zWXA-s' and 'zWXA-t', potentially leading to significant integrity and confidentiality impacts within an organization. Remediation involves updating the plugin to version 3.3.9.2 or later to mitigate this risk. The vulnerability has a CVSS base score of 9.8, indicating high exploitability with no required privileges or user interaction for successful exploitation through network vectors. Organizations are encouraged to implement immediate updates to safeguard against potential data breaches and unauthorized access resulting from this vulnerability.