CVE-2024-56284

Critical

Published: 07 January 2025

Published

07 January 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

EPSS Score 0.0030 53.7th percentile

Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows SQL Injection.This issue affects SSL Wireless SMS Notification: from n/a through <= 3.5.0.

Security Summary

CVE-2024-56284 is an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability, classified under CWE-89. It affects the sslplugins SSL Wireless SMS Notification WordPress plugin (ssl-wireless-sms-notification), impacting all versions from n/a through 3.5.0. The vulnerability was published on 2025-01-07.

The attack scenario enables exploitation over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). Successful exploitation changes scope (S:C), resulting in high confidentiality impact (C:H) for data exposure and low availability impact (A:L), yielding a CVSS v3.1 base score of 9.3.

Patchstack provides details on mitigation in its advisory for the WordPress SSL Wireless SMS Notification plugin 3.5.0 SQL Injection vulnerability at https://patchstack.com/database/Wordpress/Plugin/ssl-wireless-sms-notification/vulnerability/wordpress-ssl-wireless-sms-notification-plugin-3-5-0-sql-injection-vulnerability?_s_id=cve.

Details

CWE(s): CWE-89

References

https://patchstack.com/database/Wordpress/Plugin/ssl-wireless-sms-notification/vulnerability/wordpress-ssl-wireless-sms-notification-plugin-3-5-0-sql-injection-vulnerability?_s_id=cve
audit@patchstack.com