CVE-2024-6928

📊 9.8 CRITICAL⚡ 69.6%🎯 0 exploits

📅 Published Sep 8, 2024

📋 Status: Analyzed

The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

CVSS v3.1 • NVD

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	opti.marketing	opti marketing	≤ 2.0.9 Target SW: wordpress	Vulnerable	cpe:2.3:a:opti.marketing:opti_marketing::::::wordpress::*

📱

opti.marketing / opti marketing

Application

Vulnerable

Version: ≤ 2.0.9

Target SW: wordpress

CPE:

cpe:2.3:a:opti.marketing:opti_marketing:*:*:*:*:*:wordpress:*:*

Metrics

9.8 CRITICALCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

NONE

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

9.8 (CRITICAL)v3.1

Source: [email protected]

EPSS Details

69.6% (High)98.6th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Sep 8, 2024 (1 year ago)

Last Modified

Oct 7, 2024 (1 year ago)

Security Weaknesses1

CWE-89

References1

NVD