CVE-2022-0785
📋 TL;DR
This vulnerability allows unauthenticated attackers to perform SQL injection against WordPress sites running the Daily Prayer Time plugin. The month parameter of an AJAX request to admin-ajax.php is placed into a SQL query without sanitization, so an attacker can execute arbitrary SQL statements against the site's database. Every site running a plugin version below 2022.03.01 is affected.
💻 Affected Systems
- Daily Prayer Time WordPress Plugin
📦 What is this software?
Daily Prayer Time by Daily Prayer Time Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise: theft of all data, extraction of password hashes, creation or elevation of administrator accounts, and, if the database account holds privileges such as FILE that allow writing to the web root, remote code execution.
Likely Case
Data exfiltration, user credential theft, and database manipulation leading to site defacement or admin account takeover.
If Mitigated
Limited impact if proper WAF rules block SQL injection patterns and database permissions are restricted.
🎯 Exploit Status
Unauthenticated, single-parameter SQL injection reachable through admin-ajax.php via GET or POST; no special configuration or user interaction is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2022.03.01
Vendor Advisory: https://wpscan.com/vulnerability/e1e09f56-89a4-4d6f-907b-3fb2cb825255
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Daily Prayer Time plugin.
4. Click 'Update Now' if an update is available.
5. If no update appears, download version 2022.03.01 or later from the WordPress.org plugin directory and install it manually.
🔧 Temporary Workarounds
Disable vulnerable AJAX endpoint
Block access to the vulnerable AJAX action via .htaccess or web server configuration. The rule below inspects only the query string, so it stops GET requests; a POST request that carries action=get_monthly_timetable in its body passes through, which is why the WAF rule or removing the plugin is preferable.
# Add to .htaccess (mod_rewrite must be enabled):
RewriteEngine On
RewriteCond %{QUERY_STRING} action=get_monthly_timetable [NC]
RewriteRule ^wp-admin/admin-ajax\.php$ - [F,L]
Web Application Firewall rule
Add a WAF rule that blocks SQL injection patterns in the month parameter. ARGS covers both query-string and body parameters, so this also catches POST requests, provided SecRequestBodyAccess is On.
# ModSecurity rule example:
SecRule ARGS:month "@detectSQLi" "id:1001,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'SQLi attempt in Daily Prayer Time plugin month parameter'"
🧯 If You Can't Patch
- Disable or remove the Daily Prayer Time plugin entirely
- If you must keep the plugin running, patch the query yourself: cast the month value to an integer or bind it with $wpdb->prepare() before it reaches SQL, and re-apply the change after any reinstall until the official update is in place
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin panel under Plugins → Installed Plugins. If version is below 2022.03.01, site is vulnerable.
Check Version:
wp plugin list --name='daily-prayer-time' --field=version
Verify Fix Applied:
Confirm the plugin version is 2022.03.01 or higher. Then request the AJAX endpoint with a benign probe in the month parameter (for example a valid month followed by a single quote) and confirm the response is returned normally with no SQL error; on a vulnerable version the same probe alters or breaks the response.
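The version check above can be automated for a fleet of sites by feeding wp-cli's JSON output to a script. The following is an added example, not code from the plugin or the advisory; it assumes the plugin slug daily-prayer-time, the fixed version 2022.03.01 from this page, and a constructed sample of `wp plugin list --format=json` output. Versions are compared component by component as integers, because a plain string comparison of date-style versions gets cases like 2022.10.01 versus 2022.9.01 wrong.

```python
"""
Check whether an installed Daily Prayer Time plugin is below the fixed
version 2022.03.01 by reading `wp plugin list --format=json` output.
The JSON below is a constructed sample of that command's output; it is
not taken from a real site.
"""
import json
import re
import sys

PLUGIN_SLUG = "daily-prayer-time"   # assumed slug of the plugin
FIXED_VERSION = "2022.03.01"        # first fixed release per the advisory

# Constructed sample of `wp plugin list --format=json` output.
SAMPLE_WP_OUTPUT = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "4.2.2"},
    {"name": "daily-prayer-time", "status": "active", "update": "available",
     "version": "2022.02.01"},
])


def version_key(version):
    """Split a version string into a tuple of integers so comparison is
    numeric per component (2022.10.01 > 2022.9.01 and 2022.3.1 == 2022.03.01),
    which a plain string comparison gets wrong."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    # pad to three components so 2022.03 compares equal to 2022.03.00
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version):
    """True if the given plugin version is older than the fixed release."""
    return version_key(version) < version_key(FIXED_VERSION)


def check_site(wp_json):
    """Return (installed_version, vulnerable) for the plugin, or (None, False)
    when the plugin is not installed."""
    for plugin in json.loads(wp_json):
        if plugin.get("name") == PLUGIN_SLUG:
            ver = plugin.get("version", "")
            return ver, is_vulnerable(ver)
    return None, False


if __name__ == "__main__":
    # Usage: wp plugin list --format=json | python check_dpt.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_WP_OUTPUT
    version, vulnerable = check_site(data)
    if version is None:
        print("daily-prayer-time is not installed")
    else:
        state = ("VULNERABLE (update to %s or later)" % FIXED_VERSION
                 if vulnerable else "patched")
        print("daily-prayer-time %s: %s" % (version, state))
```

Run it with `wp plugin list --format=json | python check_dpt.py` on each site; with no input on stdin it evaluates the embedded sample.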
📡 Detection & Monitoring
Log Indicators:
- SQL syntax errors in the WordPress debug log (WP_DEBUG_LOG) for queries issued while serving admin-ajax.php requests
- Multiple requests to /wp-admin/admin-ajax.php whose month parameter contains SQL keywords, quotes, comment sequences, or function calls such as SLEEP(), including URL-encoded forms
- Bursts of such requests from one IP address or a scanner user agent, with only the payload changing between requests
Network Indicators:
- HTTP requests to /wp-admin/admin-ajax.php with SQL injection patterns in parameters
- Unusual database traffic from web server
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND ("month=" OR "get_monthly_timetable") AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE" OR "SLEEP" OR "BENCHMARK")
Match case-insensitively and URL-decode the request line before matching; the keyword list is only a starting point, so also alert on any request where the month value is not a plain number.
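The indicators above can be turned into a small log scanner that URL-decodes each request, decodes a second time to catch double-encoded payloads, and flags any admin-ajax.php request whose month value is not a plain number, reporting the SQL tokens it finds. This is an added example, not code from the plugin or the advisory; the log lines are constructed for it, the expectation that month is a one- or two-digit number is an assumption, and the action name get_monthly_timetable is taken from the workaround section of this page.

```python
"""
Scan web-server access logs (combined log format) for exploitation
attempts against the Daily Prayer Time plugin's AJAX action: requests to
admin-ajax.php whose month parameter is not a plain month number. The log
lines below are constructed for this example; nothing here is taken from
the plugin's own code.
"""
import re
import sys
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample log. Lines 2 and 3 are injection attempts (the third
# is double URL-encoded), line 4 is a non-numeric but not obviously hostile
# value, and the POST on line 6 carries its parameters in the body, which
# the access log does not record.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2022:14:02:11 +0000] "GET /wp-admin/admin-ajax.php?action=get_monthly_timetable&month=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2022:14:02:13 +0000] "GET /wp-admin/admin-ajax.php?action=get_monthly_timetable&month=3%27%20UNION%20SELECT%20user_login,user_pass,3,4,5%20FROM%20wp_users--%20- HTTP/1.1" 200 6210 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Mar/2022:14:05:40 +0000] "GET /wp-admin/admin-ajax.php?action=get_monthly_timetable&month=3%2527%2520AND%2520SLEEP%25285%2529--%2520- HTTP/1.1" 200 5120 "-" "sqlmap/1.6"
198.51.100.5 - - [10/Mar/2022:14:05:58 +0000] "GET /wp-admin/admin-ajax.php?action=get_monthly_timetable&month=March HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2022:14:06:02 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 120 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2022:14:06:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2022:14:06:09 +0000] "GET /index.php?s=select HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
)

# Tokens that have no business inside a month number.
SQL_TOKEN_RE = re.compile(
    r"\b(?:union|select|insert|update|delete|drop|sleep|benchmark|or|and)\b|'|--|/\*",
    re.IGNORECASE,
)


def inspect_month(raw_value):
    """Return a reason string if the month value looks hostile, else None.
    parse_qs has already URL-decoded once; decoding again catches
    double-encoded payloads such as %2527 for a quote."""
    value = unquote_plus(raw_value)
    if re.fullmatch(r"\s*\d{1,2}\s*", value):   # assumed legitimate shape
        return None
    tokens = sorted({m.group(0).lower() for m in SQL_TOKEN_RE.finditer(value)})
    if tokens:
        return "sql tokens: " + " ".join(tokens)
    return "non-numeric month"


def scan(log_text):
    """Return one dict per suspicious admin-ajax.php request in the log."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        action = params.get("action", [""])[0]
        for raw in params.get("month", []):
            reason = inspect_month(raw)
            if reason:
                hits.append({
                    "ip": m.group("ip"), "ts": m.group("ts"), "action": action,
                    "month": unquote_plus(raw), "reason": reason,
                })
    return hits


def uninspectable_posts(log_text):
    """Count POSTs to admin-ajax.php with no query string. Their parameters
    were in the request body, which access logs do not record, so a payload
    there is invisible to this scan and needs WAF or application logging."""
    count = 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("method") == "POST":
            url = urlsplit(m.group("target"))
            if url.path.endswith("/wp-admin/admin-ajax.php") and not url.query:
                count += 1
    return count


if __name__ == "__main__":
    # Usage: python scan_dpt.py < /var/log/apache2/access.log
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for hit in scan(text):
        print("%(ts)s %(ip)s action=%(action)s month=%(month)r -> %(reason)s" % hit)
    print("POSTs whose body parameters were not logged:", uninspectable_posts(text))
```

The count of uninspectable POSTs is reported deliberately: a scanner that only reads access logs cannot see body parameters, so a low hit count from this script is not evidence that nobody exploited the POST path, and the ModSecurity rule or application-level logging is needed to cover it.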