CVE-2024-5765

9.8 CRITICAL

📋 TL;DR

This vulnerability lets unauthenticated attackers inject arbitrary SQL into a database query made by the WpStickyBar WordPress plugin. With that, they can read, modify, or delete database content, including password hashes and other sensitive user data. Every WordPress installation running an affected version of the plugin is exposed, regardless of how the plugin is configured.

💻 Affected Systems

Products:
  • WpStickyBar WordPress Plugin
Versions: through 2.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is present in default plugin configuration and requires no special setup to be exploitable.

📦 What is this software?

WpStickyBar is a WordPress plugin that adds a sticky (fixed-position) notification bar to a site's pages. Like many front-end plugins it registers AJAX handlers through WordPress's /wp-admin/admin-ajax.php, and at least one of those handlers is reachable by unauthenticated visitors, which is where the injection lives.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise: theft of all stored data, site defacement, and administrator-level takeover (for example by inserting or resetting an administrator account through the injected query). Code execution becomes possible from there by uploading a malicious plugin or theme as that administrator, or directly through SQL if the database user holds the FILE privilege (SELECT ... INTO OUTFILE into a web-served directory).

🟠 Likely Case

Exfiltration of sensitive data (password hashes from wp_users, personal data from user and comment tables), database manipulation, and potential site takeover.

🟢 If Mitigated

Reduced impact if a WAF blocks requests to the vulnerable AJAX action or common SQL injection patterns; no impact if the plugin is deactivated, since a deactivated plugin no longer registers its AJAX handlers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The injection sits in an AJAX action that WordPress exposes to unauthenticated users via /wp-admin/admin-ajax.php, so exploitation needs no account, no user interaction, and only a single crafted request.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.1 or later

Vendor Advisory: https://wpscan.com/vulnerability/0b73f84c-611e-4681-b362-35e721478ba4/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find WpStickyBar and click "Update Now".
4. Verify that the installed version is 2.1.1 or higher.

🔧 Temporary Workarounds

Disable WpStickyBar Plugin

Platform: all

Temporarily deactivate the vulnerable plugin until it can be updated. Deactivation removes the plugin's AJAX handlers, so the vulnerable endpoint stops answering. Confirm the plugin slug with wp plugin list first, since the slug can differ from the display name shown in the admin panel.

wp plugin deactivate wp-sticky-bar

Block AJAX Endpoint via WAF

Platform: all

Configure the WAF to deny admin-ajax.php requests whose action parameter names the plugin's AJAX actions. The advisory does not give the action name, so take it from the plugin's own add_action('wp_ajax_nopriv_...') registrations rather than guessing. Two caveats: the action parameter normally arrives in the POST body, so the rule must inspect request bodies and not only the URL; and blocking the action also breaks the plugin's legitimate front-end requests, which is acceptable as a stopgap but is not a substitute for the update.

Block requests to /wp-admin/admin-ajax.php whose action parameter contains 'wp_sticky_bar' (or the actual action prefix found in the plugin source)
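The WAF workaround above needs the real action names, which the advisory does not list. The following script is an added example (not part of this page and not code from the plugin) that pulls every wp_ajax_ / wp_ajax_nopriv_ registration out of plugin PHP source and emits a ModSecurity chained rule for the unauthenticated ones. The PHP fragment embedded in it is constructed and the hook names in it (wpsb_save_stats, wpsb_admin_settings) are hypothetical; point scan_plugin_dir at the real plugin directory to get the actual names.

```python
import re
from pathlib import Path
from typing import Dict, List

# Matches add_action('wp_ajax_nopriv_<action>', ...) and the authenticated
# add_action('wp_ajax_<action>', ...) form; single or double quotes, optional whitespace.
_HOOK_RE = re.compile(
    r"""add_action\s*\(\s*['"]wp_ajax_(nopriv_)?([A-Za-z0-9_\-]+)['"]"""
)


def find_ajax_actions(php_source: str) -> Dict[str, List[str]]:
    """Return {'nopriv': [...], 'priv': [...]} action names registered in one PHP source string."""
    actions: Dict[str, List[str]] = {"nopriv": [], "priv": []}
    for m in _HOOK_RE.finditer(php_source):
        key = "nopriv" if m.group(1) else "priv"
        name = m.group(2)
        if name not in actions[key]:
            actions[key].append(name)
    return actions


def scan_plugin_dir(plugin_dir: str) -> Dict[str, List[str]]:
    """Walk a plugin directory (e.g. wp-content/plugins/<slug>) and aggregate hooks across all .php files."""
    merged: Dict[str, List[str]] = {"nopriv": [], "priv": []}
    for path in Path(plugin_dir).rglob("*.php"):
        found = find_ajax_actions(path.read_text(errors="replace"))
        for key in merged:
            merged[key].extend(a for a in found[key] if a not in merged[key])
    return merged


def modsecurity_rule(actions: List[str], rule_id: int = 1000001) -> str:
    """Build a ModSecurity chained rule denying admin-ajax.php calls whose action is in `actions`.

    ARGS:action covers both query-string and POST-body parameters, so the rule
    works for the usual POST-body form of admin-ajax.php requests.
    """
    alternation = "|".join(re.escape(a) for a in actions)
    return (
        'SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" '
        f'"id:{rule_id},phase:2,deny,status:403,log,'
        "msg:'Blocked plugin AJAX action (CVE-2024-5765 workaround)',chain\"\n"
        f'    SecRule ARGS:action "@rx ^(?:{alternation})$"'
    )


# Constructed PHP fragment standing in for plugin source; hook names are hypothetical.
SAMPLE_PHP = """<?php
add_action( 'wp_ajax_nopriv_wpsb_save_stats', 'wpsb_save_stats' );
add_action( "wp_ajax_wpsb_save_stats", "wpsb_save_stats" );
add_action('wp_ajax_wpsb_admin_settings', 'wpsb_admin_settings');
function wpsb_save_stats() { /* ... $wpdb->query("... {$_POST['id']} ...") ... */ }
"""

if __name__ == "__main__":
    hooks = find_ajax_actions(SAMPLE_PHP)
    print("unauthenticated (nopriv) actions:", hooks["nopriv"])
    print("authenticated-only actions:", hooks["priv"])
    print(modsecurity_rule(hooks["nopriv"]))
```

Only the nopriv list matters for this CVE, but the script keeps the authenticated list too: an action registered under both names is reachable by anyone, and that is exactly the pattern to look for when triaging a plugin's AJAX surface.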

🧯 If You Can't Patch

  • Disable the WpStickyBar plugin immediately
  • Implement strict WAF rules to block SQL injection patterns targeting the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for WpStickyBar version 2.1.0 or earlier.

Check Version:

wp plugin list --name=wp-sticky-bar --field=version

Verify Fix Applied:

Verify WpStickyBar plugin version is 2.1.1 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • WordPress database errors in the PHP error log (or debug.log when WP_DEBUG_LOG is on) mentioning "You have an error in your SQL syntax"
  • Bursts of POST requests to /wp-admin/admin-ajax.php from a single source, and SQL-like strings in query strings or in WAF request-body logs
  • Long-running SLEEP() or BENCHMARK() statements in the MySQL slow query log, the signature of time-based blind injection

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with SQL injection payloads in parameters (visible only where request bodies are inspected, e.g. a WAF or reverse proxy)
  • Unusual volumes of long-running queries from the web server's database account, or many requests to admin-ajax.php with response times in whole-second multiples

SIEM Query:

source="wordpress.log" AND ("admin-ajax.php" AND ("wp_sticky_bar" OR "SQL syntax" OR "database error"))
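The SIEM query above depends on a log source that already carries request bodies or database errors. As an added example (not from this page or any vendor tooling), the script below applies the same log indicators to ordinary combined-format web server access logs, which is often all that is retained: it flags SQL-like query strings, 5xx responses on admin-ajax.php, and bursts of POSTs to admin-ajax.php from one source. The log lines embedded in it are constructed using documentation IP ranges, and the burst threshold of 5 is an assumption to tune per site.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote_plus

# Combined log format (Apache/Nginx default). Captures only the fields needed here.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Crude SQL-injection fingerprints applied to the URL-decoded query string.
# A bare apostrophe is noisy on some sites; tune before relying on this in production.
SQLI_RE = re.compile(
    r"(?:'|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|\bextractvalue\s*\(|--\s|/\*)",
    re.IGNORECASE,
)

AJAX_PATH = "/wp-admin/admin-ajax.php"


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format access log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    path, _, query = rec["target"].partition("?")
    rec["path"] = path
    rec["query"] = unquote_plus(query)  # decode %27 etc. so the fingerprints can match
    return rec


def analyze(lines: List[str], burst_threshold: int = 5) -> List[Tuple[str, str]]:
    """Return (source_ip, reason) findings for admin-ajax.php traffic in `lines`."""
    findings: List[Tuple[str, str]] = []
    ajax_posts: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != AJAX_PATH:
            continue
        if rec["method"] == "POST":
            ajax_posts[rec["ip"]] += 1
        # Access logs never contain the POST body, so this only catches payloads in the URL.
        if SQLI_RE.search(rec["query"]):
            findings.append((rec["ip"], f"SQL-like query string: {rec['query']}"))
        if int(rec["status"]) >= 500:
            findings.append((rec["ip"], f"server error {rec['status']} on admin-ajax.php"))
    for ip, n in ajax_posts.items():
        if n >= burst_threshold:
            findings.append((ip, f"{n} POSTs to admin-ajax.php (burst threshold {burst_threshold})"))
    return findings


# Constructed sample log lines (RFC 5737 documentation addresses; not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 - - [11/Jun/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [11/Jun/2024:10:00:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "https://example.com/" "Mozilla/5.0"',
    '203.0.113.7 - - [11/Jun/2024:10:01:00 +0000] "GET /wp-admin/admin-ajax.php?id=1%27%20OR%20SLEEP(5)--%20- HTTP/1.1" 200 1 "-" "python-requests/2.31"',
    '203.0.113.7 - - [11/Jun/2024:10:01:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 500 0 "-" "python-requests/2.31"',
] + [
    f'203.0.113.7 - - [11/Jun/2024:10:01:{2 + i:02d} +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 1 "-" "python-requests/2.31"'
    for i in range(6)
]

if __name__ == "__main__":
    for ip, reason in analyze(SAMPLE_LOG):
        print(f"{ip}: {reason}")
```

The point of the burst and 5xx checks is that the injected parameter itself is usually invisible in access logs, because admin-ajax.php requests carry the action and its arguments in the POST body. If request-body inspection is available (a WAF audit log, or a reverse proxy logging bodies), feed those records through SQLI_RE instead; otherwise the volume and error-rate signals from a single source are the most reliable indicators a plain access log can give.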

🔗 References

  • WPScan advisory: https://wpscan.com/vulnerability/0b73f84c-611e-4681-b362-35e721478ba4/
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-5765
