.. / CVE-2024-6205

Exploit for PayPlus Payment Gateway < 6.6.9 - SQL Injection (CVE-2024-6205)

Description:

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.

Nuclei Template

View the template here CVE-2024-6205.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-6205.yaml
Copy

References:

https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/payplus-payment-gateway/payplus-payment-gateway-668-unauthenticated-sql-injection
https://nvd.nist.gov/vuln/detail/CVE-2024-6205