Unauthenticated SQL Injection Vulnerability in Easy Listing Directories for WordPress
CVE-2024-4443

9.8CRITICAL

Key Information:

Vendor
Wordpress
Status
Business Directory Plugin – Easy Listing Directories For WordPress
Vendor
CVE Published:
22 May 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

The Easy Listing Directories plugin for WordPress is susceptible to a time-based SQL Injection attack through the 'listingfields' parameter. This vulnerability arises from inadequate escaping of user-supplied input and insufficient preparation of SQL queries. As a result, unauthenticated attackers can manipulate existing SQL queries to execute unauthorized commands, potentially leading to the exposure of sensitive information stored within the database. Users of versions 6.4.2 and earlier should take immediate action to patch their installations to mitigate this risk.

Affected Version(s)

Business Directory Plugin – Easy Listing Directories for WordPress * <= 6.4.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-4443-Poc
Created by truonghuuphuc

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/business-direc...
https://plugins.trac.wordpress.org/changeset/3089626/

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Krzysztof ZajΔ…c
.