
Notificationx

1 CVEs product

Monthly

CVE-2024-1698 CRITICAL POC PATCH THREAT Act Now

SQL injection in the NotificationX WordPress plugin (versions up to and including 2.8.2) allows unauthenticated remote attackers to append arbitrary SQL queries via the 'type' parameter and exfiltrate sensitive database contents. Publicly available exploit code exists and the EPSS score of 93.74% (100th percentile) indicates very high probability of exploitation attempts in the wild, though the CVE is not currently listed in CISA KEV.

WordPress SQLi Notificationx
NVD VulDB
CVSS 3.1: 9.8
EPSS: 93.7%
Threat: 6.3