CVE-2022-0349
📋 TL;DR
This vulnerability allows unauthenticated attackers to perform blind SQL injection attacks on WordPress sites running NotificationX plugin versions before 2.3.9. Attackers can extract sensitive database information, modify data, or potentially gain administrative access to affected websites. All WordPress installations with vulnerable NotificationX versions are affected.
💻 Affected Systems
- NotificationX WordPress Plugin
📦 What is this software?
NotificationX by WPDeveloper
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, privilege escalation to WordPress administrator, and potential server takeover if database permissions allow.
Likely Case
Extraction of sensitive data including user credentials, personal information, and plugin/theme secrets stored in the database.
If Mitigated
Limited information disclosure if database permissions are restricted and a web application firewall blocks SQL injection patterns.
🎯 Exploit Status
Simple SQL injection via the nx_id parameter requires no authentication. A public proof-of-concept exists and can be easily weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.9
Vendor Advisory: https://wpscan.com/vulnerability/1d0dd7be-29f3-4043-a9c6-67d02746463a
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find NotificationX and click 'Update Now'.
4. Verify the version shows 2.3.9 or higher.
🔧 Temporary Workarounds
Disable NotificationX Plugin
Temporarily disable the vulnerable plugin until patching is possible.
wp plugin deactivate notificationx
Web Application Firewall Rule
Block requests containing SQL injection patterns targeting the nx_id parameter.
Modify WAF rules to block: *nx_id* AND (*SELECT* OR *UNION* OR *SLEEP* OR *BENCHMARK*)
🧯 If You Can't Patch
- Implement strict network segmentation to isolate vulnerable WordPress instances
- Deploy web application firewall with SQL injection detection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → NotificationX version. If the version is below 2.3.9, the site is vulnerable.
Check Version:
wp plugin get notificationx --field=version
Verify Fix Applied:
Verify NotificationX plugin version shows 2.3.9 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing 'nx_id' parameter with SQL injection patterns
- Unusual database query errors in WordPress logs
- Multiple failed login attempts following SQL injection attempts
Network Indicators:
- HTTP POST/GET requests with nx_id parameter containing SQL keywords
- Unusual outbound database connections from web server
SIEM Query:
source="web_logs" AND (uri="*nx_id*" AND (uri="*SELECT*" OR uri="*UNION*" OR uri="*SLEEP*" OR uri="*BENCHMARK*"))
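The SIEM query above and the WAF rule under Temporary Workarounds match SQL keywords against the raw URI, so a URL-encoded or double-encoded nx_id value slips past a literal "*SELECT*" match. As an added example (not part of the advisory), this Python script applies the same nx_id-plus-keyword logic to access-log lines after decoding the parameter value; the combined log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Keywords from the advisory's SIEM query, matched case-insensitively on the decoded value.
SQL_KEYWORDS = ("SELECT", "UNION", "SLEEP", "BENCHMARK")
KEYWORD_RE = re.compile(r"\b(?:" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Assumed Apache/nginx combined log format: client IP, then the quoted request line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"')


def suspicious_nx_id(request_path: str) -> bool:
    """True if the request's nx_id parameter, once URL-decoded, contains a SQL keyword.

    Only nx_id is inspected, so an ordinary site search (?s=select...) does not trigger.
    """
    params = parse_qs(urlsplit(request_path).query, keep_blank_values=True)
    for value in params.get("nx_id", []):
        # parse_qs decodes once; decode again so %25-encoded (double-encoded)
        # payloads, which a raw-string match on the URI would miss, are still caught.
        decoded = unquote_plus(unquote_plus(value))
        if KEYWORD_RE.search(decoded):
            return True
    return False


def scan_access_log(lines):
    """Return (client_ip, request_path) for each line whose nx_id value looks like injection.

    POST bodies are not in access logs; use WAF or application logs for those.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and suspicious_nx_id(m.group("path")):
            hits.append((m.group("ip"), m.group("path")))
    return hits


# Constructed sample log lines for demonstration (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Feb/2022:10:00:01 +0000] "GET /?nx_id=17 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Feb/2022:10:00:02 +0000] "GET /?nx_id=1+union+select+1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Feb/2022:10:00:03 +0000] "GET /?nx_id=1%2520%2553LEEP%25285%2529 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Feb/2022:10:00:04 +0000] "GET /?s=select+a+plan HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, path in scan_access_log(SAMPLE_LOG):
        print(f"ALERT nx_id injection pattern from {ip}: {path}")
```

The third sample line contains no literal "SLEEP" in the raw URI, so the page's wildcard query would not flag it, while decoding the parameter does.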