CVE•Published 2024-02-17•Modified 2026-04-08•1 article on news•6 live references•NVD data
CVE-2024-0610Papaki · Piraeus_bank_woocommerce_payment_gateway
Vulnerability data via NVD (ingested)
CVSS v3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
70
Exploit Prediction Scoring System · top 30% of all CVEs
Weaknesses (CWE)
Description
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Timeline
Published 2024-02-17
Modified 2026-04-08
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag0 hosts
vuln:CVE-2024-0610Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · WP plugin path
http.html:"/wp-content/plugins/piraeus-bank-woocommerce-payment-gateway/"Matches any site loading the "piraeus-bank-woocommerce-payment-gateway" plugin — doesn't rely on Shodan's vuln tag.
Shodan · product
product:"Papaki Piraeus Bank Woocommerce Payment Gateway"All exposed Papaki Piraeus Bank Woocommerce Payment Gateway instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Piraeus Bank Woocommerce Payment Gateway"HTTP body or banner mentions "Piraeus Bank Woocommerce Payment Gateway" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2024-0610Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2024-0610Censys host search filtered to this CVE id.
grep.app
CVE-2024-0610Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2024-0610GitHub code search for direct mentions.
Google dork
"CVE-2024-0610" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (8)
CVE-2024-06108 repos
Mr-xn/Penetration_Testing_POCHTML
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypas…
jekil/awesome-hackingPython
Awesome hacking is an awesome collection of hacking tools.
GhostTroops/TOPShell
TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
ycdxsb/WindowsPrivilegeEscalationunknown
Collection of Windows Privilege Escalation (Analyse/PoC/Exploit)
trganda/starrlistPython
List of awesome starred repositories
CVEDB/awesome-cve-repoShell
martinholovsky/awesome-llm-attacksunknown
A curated, framework-mapped catalog of attack techniques against LLM and GenAI systems — cross-referenced to OWASP LLM Top 10, MITRE ATLAS, OWASP ASI, and MCP security.
ImBIOS/ImBIOSTypeScript
README of ImBIOS