CVE-2021-24741
📋 TL;DR
The Support Board WordPress plugin before version 3.3.4 contains multiple SQL injection vulnerabilities in POST parameters that are not properly escaped. Unauthenticated attackers can exploit these vulnerabilities to execute arbitrary SQL commands on the database. All WordPress sites running vulnerable versions of this plugin are affected.
💻 Affected Systems
- Support Board WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise allowing data theft, modification, or deletion; potential privilege escalation to WordPress administrator; possible remote code execution through database functions.
Likely Case
Data exfiltration from WordPress database including user credentials, sensitive content, and plugin data; potential site defacement or disruption.
If Mitigated
Limited impact with proper input validation and parameterized queries; database access restricted to plugin's intended functionality.
🎯 Exploit Status
Multiple POST parameters vulnerable; exploitation requires sending crafted HTTP requests to vulnerable endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.3.4
Vendor Advisory: https://board.support/changes
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find Support Board plugin
4. Click 'Update Now' if update available
5. If no update available, download version 3.3.4+ from WordPress.org
6. Deactivate old version, upload new version, activate
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the Support Board plugin until patched
wp plugin deactivate support-board
Web Application Firewall Rules
Block SQL injection patterns in POST parameters
🧯 If You Can't Patch
- Implement strict input validation for all POST parameters
- Deploy web application firewall with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Support Board version number
Check Version:
wp plugin get support-board --field=version
Verify Fix Applied:
Verify plugin version is 3.3.4 or higher in WordPress admin
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in WordPress debug logs
- Multiple POST requests with SQL-like patterns to /wp-content/plugins/support-board/
Network Indicators:
- HTTP POST requests containing SQL keywords (UNION, SELECT, etc.) in parameters
SIEM Query:
source="wordpress.log" AND "support-board" AND ("SQL" OR "database error")
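As an added example (not part of this advisory, and not code from the plugin or vendor), the following Python script applies the log and network indicators above to a handful of constructed request records: it keeps only POST requests under /wp-content/plugins/support-board/, tests the request body against a few SQL-injection heuristics, and flags a client once it has sent more than one suspicious request. The record layout, the ENDPOINT.php file name, the parameter names and the sample payloads are all constructed for the example; a plain access log does not store POST bodies, so this assumes the bodies come from a WAF or audit log.

```python
import re
from collections import defaultdict

# Constructed sample records (not real traffic). Layout per line:
#   client_ip method path body
# "body" is the URL-decoded POST payload as a WAF/audit log might store it.
# ENDPOINT.php and the parameter names are placeholders, not real plugin files.
SAMPLE_LOG = """\
203.0.113.5 POST /wp-content/plugins/support-board/ENDPOINT.php param=7
203.0.113.5 POST /wp-content/plugins/support-board/ENDPOINT.php param=7' UNION SELECT 1,2,3--
203.0.113.5 POST /wp-content/plugins/support-board/ENDPOINT.php param=7 OR 1=1
198.51.100.9 GET /wp-content/plugins/support-board/ENDPOINT.php -
198.51.100.9 POST /wp-login.php log=admin&pwd=select
192.0.2.17 POST /wp-content/plugins/support-board/ENDPOINT.php msg=I will select a seat later
"""

# Only requests to the plugin's own path are in scope for this rule.
PLUGIN_PATH = "/wp-content/plugins/support-board/"

# Heuristics: bare keywords such as "select" occur in normal support chat text,
# so each pattern requires the keyword in combination with a quote, an
# operator, a comparison or a comment marker.
SQLI_PATTERNS = [
    re.compile(r"\bunion\b[\s/*]+(?:all[\s/*]+)?select\b", re.I),  # UNION SELECT
    re.compile(r"['\"]\s*(?:or|and)\b\s*['\"\d]", re.I),          # ' OR '1 / ' OR 1
    re.compile(r"\b(?:or|and)\s+\d+\s*=\s*\d+", re.I),            # OR 1=1
    re.compile(r"(?:--|/\*)\s*$"),                                # trailing SQL comment
    re.compile(r";\s*(?:drop|update|insert|delete)\b", re.I),     # stacked statement
]


def parse_line(line):
    """Split one constructed record into its four fields; None if malformed."""
    parts = line.split(" ", 3)
    if len(parts) != 4:
        return None
    client, method, path, body = parts
    return {"client": client, "method": method, "path": path, "body": body}


def is_sqli_like(text):
    """True when any of the injection heuristics matches the text."""
    return any(p.search(text) for p in SQLI_PATTERNS)


def scan(log_text, threshold=2):
    """Return flagged records plus the clients at or above the threshold.

    threshold is an assumption for the example: the advisory only says
    "multiple" requests, so two suspicious POSTs from one client flag it.
    """
    hits = defaultdict(int)
    flagged = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Indicator 1: POST to the plugin path.
        if rec["method"] != "POST" or not rec["path"].startswith(PLUGIN_PATH):
            continue
        # Indicator 2: SQL-like pattern in the parameters.
        if is_sqli_like(rec["body"]):
            hits[rec["client"]] += 1
            flagged.append(line)
    clients = sorted(c for c, n in hits.items() if n >= threshold)
    return {"flagged": flagged, "clients": clients, "counts": dict(hits)}


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for line in result["flagged"]:
        print("suspicious:", line)
    print("clients over threshold:", result["clients"])
```

Running the script flags the two injected requests from 203.0.113.5 and leaves the GET, the login POST and the ordinary chat message containing the word "select" alone; tune the threshold and the pattern list to the noise level of the site before turning this into a SIEM alert.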
🔗 References
- https://board.support/changes
- https://medium.com/%40lijohnjefferson/multiple-sql-injection-unauthenticated-in-support-board-v-3-3-3-3e9b4214a4f9
- https://wpscan.com/vulnerability/ccf293ec-7607-412b-b662-5e237b8690ca