CVE-2022-0784
📋 TL;DR
This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites running the Title Experiments Free plugin. Attackers can steal sensitive data, modify database content, or potentially gain administrative access. Any WordPress site running a plugin version earlier than 9.0.1 is affected.
💻 Affected Systems
- Title Experiments Free WordPress Plugin
📦 What is this software?
Title Experiments Free, a WordPress plugin (listed under the vendor name Title Experiments Free Project)
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, site defacement, backdoor installation, and full administrative control of the WordPress installation.
Likely Case
Data exfiltration including user credentials, sensitive content, and potential privilege escalation to administrator level.
If Mitigated
Attack blocked at the WAF, or plugin deactivated: the site loses the title-testing feature but nothing else, and the injection point is no longer reachable.
🎯 Exploit Status
Unauthenticated SQL injection reachable through the plugin's wpex_titles action on wp-admin/admin-ajax.php; a single crafted request with no login or user interaction is enough, and generic SQL injection tooling suffices to exploit it.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.0.1
Vendor Advisory: https://wpscan.com/vulnerability/6672b59f-14bc-4a22-9e0b-fcab4e01d97f
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Title Experiments Free'.
4. Click 'Update Now' if available, or manually update to version 9.0.1 or later (from the command line: wp plugin update title-experiments-free).
5. Verify the plugin is active and functioning.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Title Experiments Free plugin until it can be updated; a deactivated plugin is not loaded, so its AJAX action is never registered and the endpoint stops answering.
wp plugin deactivate title-experiments-free
WAF rule blocking
Block requests to the vulnerable AJAX endpoint.
Block HTTP requests to /wp-admin/admin-ajax.php whose query string or POST body contains action=wpex_titles. Match on the parameter, not the URL alone: admin-ajax.php is shared by WordPress core and every other plugin, and the action normally arrives in the POST body, so a URL-only rule misses it. This also blocks the plugin's legitimate calls, which is acceptable while it is unpatched.
🧯 If You Can't Patch
- Deactivate the Title Experiments Free plugin immediately; while it is deactivated its AJAX action is not registered and the injection point is unreachable
- If it must stay active, block action=wpex_titles at the WAF or reverse proxy; generic SQL injection signatures alone are a weaker fallback, since they are routinely bypassed with encoding and comment tricks
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Title Experiments Free version number
Check Version:
wp plugin get title-experiments-free --field=version
Verify Fix Applied:
Confirm plugin version is 9.0.1 or higher in WordPress admin
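The version check above is a per-site manual step. For a fleet, the comparison is the part that goes wrong: scripts that compare version strings lexically will call "10.0.0" older than "9.0.1". The following is an added example, not code from the page or from the plugin project; it parses the output of the wp-cli command above into a numeric tuple, compares it with the 9.0.1 fix version, and triages a constructed inventory of sites (the site paths are made up for the sample).

```python
import re
import subprocess

PATCHED = (9, 0, 1)   # first fixed release per the advisory


def parse_version(text):
    """Turn the text printed by `wp plugin get <slug> --field=version` into a
    comparable tuple. Missing components count as 0 and a suffix such as
    "-beta" is ignored. Returns None when no version is present, which is
    what you get when the plugin is not installed at all."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def is_vulnerable(version_text):
    """True when the installed version is older than 9.0.1. Numeric comparison
    matters: as strings, "10.0.0" sorts before "9.0.1"."""
    parsed = parse_version(version_text)
    return parsed is not None and parsed < PATCHED


def installed_version(wp_path, slug="title-experiments-free"):
    """Ask wp-cli for the plugin version at a given WordPress root. Returns None
    if wp-cli is absent, the call times out, or the plugin is not installed
    (wp-cli exits non-zero in that case)."""
    try:
        out = subprocess.run(
            ["wp", "plugin", "get", slug, f"--path={wp_path}", "--field=version"],
            capture_output=True, text=True, timeout=60,
        )
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() if out.returncode == 0 else None


def triage(versions_by_site):
    """Given {site: version text or None}, list the sites that still need the update."""
    return sorted(site for site, text in versions_by_site.items() if is_vulnerable(text))


# Constructed inventory (not real hosts). In practice build it with
# {path: installed_version(path) for path in paths}.
SAMPLE_INVENTORY = {
    "/var/www/blog": "8.3.2",
    "/var/www/shop": "9.0.1",
    "/var/www/docs": "10.0.0",
    "/var/www/legacy": "9.0",
    "/var/www/intranet": None,   # plugin not installed
}

if __name__ == "__main__":
    for site in triage(SAMPLE_INVENTORY):
        print("needs update:", site)
```

Only /var/www/blog and /var/www/legacy come back as needing the update; the 10.0.0 site is correctly left alone, and a site without the plugin is not reported.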
📡 Detection & Monitoring
Log Indicators:
- Requests to /wp-admin/admin-ajax.php carrying action=wpex_titles with SQL syntax (UNION SELECT, SLEEP(, BENCHMARK(, quote-and-comment sequences) in any parameter; for POST requests the action and payload sit in the body, which plain access logs do not record, so this needs a WAF, ModSecurity audit log or PHP-level request logging
- Unexpected queries against wp_users or wp_options from the web server's database account, or queries that run for seconds (time-based blind probing)
- Bursts of MySQL syntax errors in the PHP/MySQL error log that line up in time with admin-ajax.php requests from a single client IP; error-based and blind probing produce many malformed queries before a working payload
Network Indicators:
- POST requests to admin-ajax.php with SQL injection payloads in parameters
- Unusual traffic patterns to AJAX endpoints
SIEM Query:
source="web_logs" AND url="*admin-ajax.php*" AND param="*wpex_titles*" AND (payload="*UNION*SELECT*" OR payload="*SLEEP(*" OR payload="*BENCHMARK(*" OR payload="*'*OR*=*" OR payload="*--*")
The field names param and payload stand in for whatever your SIEM maps the query string and request body to. Require the wpex_titles action rather than OR-ing it with bare SELECT/FROM/WHERE terms: those keywords appear in ordinary search queries and page content and will flood the rule with false positives. A second, lower-priority rule on param="*wpex_titles*" alone catches blind probing that uses no obvious keywords.
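The indicators above are written for a SIEM; the following is an added example (not code from the page or from the plugin project) that runs the same logic over constructed log records, including the POST-body column that a request-body-logging WAF or ModSecurity audit log supplies. It flags admin-ajax.php requests that select the wpex_titles action and carry injection syntax in any parameter, and separately flags an IP that hammers the action without obvious syntax. The sample IPs are documentation addresses, and the injected parameter is named "id" in the sample data only as an assumption; the page names the action but not the parameter, so the detector inspects every parameter.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample records, not real traffic. Columns are tab separated:
# client_ip, method, request-URI, status, request body. A plain access log has
# only the URI, so a POSTed action=wpex_titles never appears in it; the body
# column is what a WAF or ModSecurity audit log provides.
SAMPLE_LOG = "\n".join([
    "203.0.113.7\tPOST\t/wp-admin/admin-ajax.php\t200\taction=wpex_titles&id=12",
    "203.0.113.7\tPOST\t/wp-admin/admin-ajax.php\t200\t"
    "action=wpex_titles&id=12%20UNION%20SELECT%20user_login%2Cuser_pass%20FROM%20wp_users",
    "203.0.113.7\tPOST\t/wp-admin/admin-ajax.php\t500\taction=wpex_titles&id=12%27%20AND%20SLEEP(5)--%20",
    "198.51.100.4\tGET\t/wp-admin/admin-ajax.php?action=wpex_titles&id=3\t200\t",
    "198.51.100.4\tGET\t/blog/?s=select%20from%20the%20menu\t200\t",
    "192.0.2.9\tPOST\t/wp-admin/admin-ajax.php\t200\taction=heartbeat&_nonce=abc",
])

# Tokens that are rarely legitimate in a plugin parameter. Bare SELECT/FROM/WHERE
# are deliberately absent: they match ordinary search strings and drown the alert.
SQLI_SYNTAX = re.compile(
    r"\bunion\b\s+(?:all\s+)?select\b"                       # UNION SELECT
    r"|\b(?:sleep|benchmark|extractvalue|updatexml)\s*\("     # time/error based probes
    r"|'\s*(?:or|and)\s+[\w']+\s*=\s*[\w']+"                  # ' OR '1'='1
    r"|--(?:\s|$)|/\*",                                       # comment terminators
    re.IGNORECASE,
)


def parse_record(line):
    """Split one sample record and merge query-string and body parameters
    (parse_qs also undoes the percent-encoding)."""
    ip, method, uri, status, body = line.split("\t", 4)
    parts = urlsplit(uri)
    params = parse_qs(parts.query, keep_blank_values=True)
    for name, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(name, []).extend(values)
    return {"ip": ip, "method": method, "path": parts.path,
            "status": int(status), "params": params}


def is_wpex_titles_call(rec):
    """True for any request to admin-ajax.php selecting the vulnerable action,
    whether the action arrives in the query string (GET) or the body (POST)."""
    return (rec["path"].endswith("/wp-admin/admin-ajax.php")
            and "wpex_titles" in rec["params"].get("action", []))


def sqli_params(rec):
    """Names of the parameters whose value carries SQL injection syntax."""
    return [name for name, values in rec["params"].items()
            if any(SQLI_SYNTAX.search(v) for v in values)]


def scan(log_text, burst_threshold=2):
    """Return alerts: high for injection syntax aimed at wpex_titles, medium for
    an IP repeatedly calling the action even without recognisable syntax."""
    alerts, per_ip = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if not is_wpex_titles_call(rec):
            continue
        per_ip[rec["ip"]] += 1
        hit = sqli_params(rec)
        if hit:
            alerts.append({"severity": "high", "ip": rec["ip"],
                           "params": hit, "status": rec["status"]})
    for ip, n in per_ip.items():
        if n >= burst_threshold:
            alerts.append({"severity": "medium", "ip": ip,
                           "reason": f"{n} wpex_titles calls"})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

On the sample, the two injection attempts from 203.0.113.7 come out as high alerts (the second with its 500 status, the usual sign of a query that broke), that IP also gets a medium burst alert, the benign GET of the action from 198.51.100.4 and the heartbeat call are not flagged, and the search for "select from the menu" is ignored because it is neither on admin-ajax.php nor paired with UNION, which is exactly the false positive a bare SELECT/FROM rule would raise.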