CVE-2015-7670
📋 TL;DR
This CVE describes SQL injection vulnerabilities in the Support Ticket System WordPress plugin before version 1.2.1. Remote attackers can execute arbitrary SQL commands via the user or id parameters, potentially compromising the WordPress database. WordPress sites running vulnerable versions of this plugin are affected.
💻 Affected Systems
- Support Ticket System WordPress plugin
📦 What is this software?
Support Ticket System by Support Ticket System Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, privilege escalation, and full site takeover via arbitrary SQL execution.
Likely Case
Database information disclosure, modification of ticket data, and potential administrative access to WordPress.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only affecting the plugin's data tables.
🎯 Exploit Status
SQL injection via URL parameters makes exploitation straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.1
Vendor Advisory: https://wordpress.org/plugins/simple-support-ticket-system/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Support Ticket System' plugin
4. Click 'Update Now' if available
5. If no update available, download version 1.2.1+ from WordPress.org
6. Deactivate old plugin, upload new version, activate
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Support Ticket System plugin until patched
wp plugin deactivate simple-support-ticket-system
Web Application Firewall rule
Block SQL injection attempts targeting update.php parameters
ModSecurity rule: SecRule ARGS_GET "@detectSQLi" "id:1001,phase:2,deny,status:403"
🧯 If You Can't Patch
- Remove the plugin entirely if ticket functionality is not critical
- Implement strict input validation and parameterized queries in the plugin code
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Support Ticket System version. If version < 1.2.1, vulnerable.
Check Version:
wp plugin get simple-support-ticket-system --field=version
Verify Fix Applied:
Confirm plugin version is 1.2.1 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in WordPress logs
- Multiple requests to /wp-content/plugins/simple-support-ticket-system/includes/update.php with SQL-like parameters
Network Indicators:
- HTTP requests containing SQL injection patterns in user or id parameters to the update.php endpoint
SIEM Query:
source="wordpress.log" AND "update.php" AND ("user=" OR "id=") AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE")
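The log indicators and SIEM query above can be checked offline against a web server access log. The following is an added example (not part of the advisory or the plugin) that applies the same rule: only requests to the plugin's update.php endpoint, only the user and id parameters, flagged when the decoded value contains the SQL keywords the SIEM query lists or the quote/comment characters that usually accompany an injection attempt. The log lines are constructed samples in Apache combined format.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Endpoint and parameters named in the advisory for CVE-2015-7670.
TARGET_PATH = "/wp-content/plugins/simple-support-ticket-system/includes/update.php"
TARGET_PARAMS = ("user", "id")

# Keyword set from the SIEM query, plus quote and SQL comment markers.
SQL_PATTERN = re.compile(
    r"\b(UNION|SELECT|INSERT|DELETE|UPDATE|DROP)\b|'|--|/\*", re.IGNORECASE
)

# Apache/nginx "combined" access log line: client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log: one benign id, one injection attempt, one benign
# user lookup, and a site search that mentions SELECT but hits another path.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2015:13:55:36 +0000] "GET ' + TARGET_PATH + '?id=42 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2015:13:55:40 +0000] "GET ' + TARGET_PATH
    + '?id=42%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 0',
    '198.51.100.7 - - [10/Oct/2015:13:56:01 +0000] "GET ' + TARGET_PATH + '?user=alice HTTP/1.1" 200 300',
    '198.51.100.7 - - [10/Oct/2015:13:56:05 +0000] "GET /?s=select+a+ticket HTTP/1.1" 200 2048',
]

def suspicious_params(url: str) -> dict:
    """Return {param: decoded value} for user/id values on update.php that match SQL_PATTERN."""
    parts = urlsplit(url)
    if parts.path != TARGET_PATH:
        return {}
    hits = {}
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in TARGET_PARAMS:
            continue
        for value in values:
            decoded = unquote_plus(value)  # second pass catches double-encoded values
            if SQL_PATTERN.search(decoded):
                hits[name] = decoded
    return hits

def scan_access_log(lines) -> list:
    """Return (ip, timestamp, param, value) for every line that looks like an injection attempt."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            for param, value in suspicious_params(m["url"]).items():
                findings.append((m["ip"], m["ts"], param, value))
    return findings
```

Feed real access log lines to scan_access_log and correlate the source IPs with the 500 responses and SQL errors the advisory lists as indicators.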
🔗 References
- http://www.securityfocus.com/archive/1/536624/100/0/threaded
- https://wordpress.org/plugins/simple-support-ticket-system/#developers
- https://wpvulndb.com/vulnerabilities/8207