CVE-2022-4118
📋 TL;DR
This SQL injection vulnerability in the Bitcoin/AltCoin Payment Gateway WordPress plugin allows authenticated users to execute arbitrary SQL commands against the site's database. It affects WordPress sites running version 1.7.1 or earlier of this plugin. Attackers could potentially read, modify, or delete database content.
💻 Affected Systems
- Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, privilege escalation, site defacement, or full system takeover via subsequent attacks.
Likely Case
Data exfiltration of sensitive information (user credentials, payment data, personal information) and potential site modification.
If Mitigated
Limited impact with proper input validation, parameterized queries, and least privilege database accounts.
🎯 Exploit Status
Exploitation requires authenticated user access. SQL injection is well-understood with many available tools.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.2 or later
Vendor Advisory: https://wpscan.com/vulnerability/2839ff82-7d37-4392-8fa3-d490680d42c4
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'Bitcoin / AltCoin Payment Gateway' plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and remove the plugin immediately.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily disable the plugin until a patched version is available
wp plugin deactivate bitcoin-altcoin-payment-gateway
Implement WAF rules
Add web application firewall rules to block SQL injection patterns in requests to the plugin's endpoints
🧯 If You Can't Patch
- Remove plugin entirely and use alternative payment gateway
- Implement strict network segmentation and limit database access to only necessary services
🔍 How to Verify
Check if Vulnerable:
In the WordPress admin panel, open Plugins > Installed Plugins and check whether 'Bitcoin / AltCoin Payment Gateway' is installed at version 1.7.1 or earlier
Check Version:
wp plugin list --name='bitcoin-altcoin-payment-gateway' --field=version
Verify Fix Applied:
Verify that the plugin version shown in the WordPress admin panel is 1.7.2 or later
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts followed by plugin-specific requests
- Unexpected database schema changes
Network Indicators:
- HTTP POST requests to plugin endpoints with SQL syntax in parameters
- Unusual outbound database connections
SIEM Query:
source="web_logs" AND (uri="*bitcoin-altcoin*" AND (param="*SELECT*" OR param="*UNION*" OR param="*INSERT*" OR param="*DELETE*"))
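The SIEM query above matches raw SQL keywords in parameters of plugin-related requests. As an added example (not part of the original advisory), the following Python script applies the same logic to Apache/Nginx combined-format access log lines, going slightly beyond the query: it URL-decodes each parameter twice so that percent-encoded or mixed-case keywords are still caught, and it ignores SQL-looking words on URIs that do not reference the plugin, to limit noise. The log lines, IP addresses and the `action=bitcoin-altcoin_example` endpoint name are constructed placeholders for this example, not real plugin endpoints.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qsl

# Combined log format (Apache/Nginx default): ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Same keyword set as the advisory's SIEM query (SELECT/UNION/INSERT/DELETE),
# matched as whole words and case-insensitively.
SQL_TOKENS = re.compile(r'\b(select|union|insert|delete)\b', re.IGNORECASE)

# Substring that identifies plugin-related URIs (mirrors uri="*bitcoin-altcoin*").
PLUGIN_MARKER = "bitcoin-altcoin"


def flag_request(target):
    """Return the names of query parameters whose decoded values contain SQL keywords.

    Only requests whose decoded URI references the plugin are inspected.
    The target is decoded twice so that %2520-style double encoding does not hide tokens.
    """
    decoded = unquote_plus(unquote_plus(target))
    if PLUGIN_MARKER not in decoded.lower():
        return []
    query = urlsplit(decoded).query
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if SQL_TOKENS.search(value)]


def scan_log(lines):
    """Parse access log lines and return one alert dict per suspicious request."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        params = flag_request(m.group("target"))
        if params:
            alerts.append({"ip": m.group("ip"), "ts": m.group("ts"),
                           "target": m.group("target"), "params": params})
    return alerts


# Constructed sample log lines; the endpoint name is a placeholder, not a real plugin endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-admin/admin-ajax.php?action=bitcoin-altcoin_example&order_id=42 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "GET /wp-admin/admin-ajax.php?action=bitcoin-altcoin_example&order_id=42%20UNION%20SELECT%201 HTTP/1.1" 200 734',
    '203.0.113.7 - - [10/Oct/2023:13:56:05 +0000] "GET /wp-admin/admin-ajax.php?action=bitcoin-altcoin_example&order_id=42%2520uNiOn%2520sElEcT%25201 HTTP/1.1" 200 734',
    '198.51.100.9 - - [10/Oct/2023:13:57:12 +0000] "GET /shop/?s=select%20your%20coin HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['ip']} params={alert['params']} target={alert['target']}")
```

Running the script reports the second and third sample lines (the plain and the double-encoded keyword injection attempts on a plugin URI) and ignores the fourth, where "select" appears in an ordinary shop search. Access logs only carry the query string, so the POST-body indicator listed above needs request-body logging from a WAF or reverse proxy; a keyword match is a triage signal to correlate with the authenticated user and the database logs, not proof of exploitation.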