CVE-2023-27605

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in the WP Reroute Email WordPress plugin allows attackers to execute arbitrary SQL commands. It affects all WordPress sites using vulnerable versions of the plugin, potentially compromising the entire database.

💻 Affected Systems

Products:
  • WP Reroute Email WordPress Plugin
Versions: All versions up to and including 1.4.6
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with vulnerable plugin version

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, privilege escalation, and full site takeover

🟠

Likely Case

Unauthorized data access, modification of database content, and potential administrative access

🟢

If Mitigated

Limited impact if proper input validation and database permissions are enforced

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin-level access, according to the references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.7 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-reroute-email/wordpress-wp-reroute-email-plugin-1-4-6-admin-sql-injection-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find WP Reroute Email
4. Click 'Update Now' if available
5. If no update available, deactivate and delete the plugin

🔧 Temporary Workarounds

Immediate Plugin Deactivation (applies to: all platforms)

Disable the vulnerable plugin to prevent exploitation:

wp plugin deactivate wp-reroute-email

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries
  • Apply web application firewall rules to block SQL injection patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → WP Reroute Email version

Check Version:

wp plugin get wp-reroute-email --field=version

Verify Fix Applied:

Verify plugin version is 1.4.7 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by plugin access

Network Indicators:

  • HTTP POST requests to wp-admin with SQL patterns in parameters

SIEM Query:

SELECT * FROM web_logs WHERE uri LIKE '%wp-reroute-email%' AND (params LIKE '%SELECT%' OR params LIKE '%UNION%' OR params LIKE '%INSERT%')
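As an added example (not from the original page), the SIEM query above carried out in Python over constructed web log lines. It narrows the page's LIKE '%SELECT%' matching to whole keywords so that benign parameter values such as "selected" are not flagged; the log line format and the parameter names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Keywords from the page's SIEM query, matched as whole words (after URL
# decoding) so values like "selected" or "reunion" do not trigger a hit.
SQL_KEYWORD_RE = re.compile(r"\b(SELECT|UNION|INSERT)\b", re.IGNORECASE)
PLUGIN_MARKER = "wp-reroute-email"

# Constructed sample log lines (not real traffic): "<method> <uri> body=<form data>".
SAMPLE_LOG = [
    "POST /wp-admin/admin.php?page=wp-reroute-email body=from_email=a%40example.com&status=1",
    "POST /wp-admin/admin.php?page=wp-reroute-email body=status=1+UNION+SELECT+1",
    "GET /wp-admin/admin.php?page=wp-reroute-email&action=selected",
    "POST /wp-admin/admin-ajax.php body=action=heartbeat",
]


def parse_line(line):
    """Split a constructed log line into (method, uri, merged query+body params)."""
    method, rest = line.split(" ", 1)
    path, _, body = rest.partition(" body=")
    parts = urlsplit(path)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    params.update(parse_qsl(body, keep_blank_values=True))  # decodes %xx and '+'
    uri = parts.path + ("?" + parts.query if parts.query else "")
    return method, uri, params


def suspicious_params(params):
    """Return the parameter names whose decoded value contains a whole-word SQL keyword."""
    return [name for name, value in params.items() if SQL_KEYWORD_RE.search(value)]


def scan(lines):
    """Return (line, flagged_params) for requests to the plugin page that carry SQL keywords."""
    hits = []
    for line in lines:
        _method, uri, params = parse_line(line)
        if PLUGIN_MARKER not in uri:
            continue  # same filter as "uri LIKE '%wp-reroute-email%'"
        flagged = suspicious_params(params)
        if flagged:
            hits.append((line, flagged))
    return hits
```

Only the second sample line is reported; the "action=selected" request is a false positive under the plain substring query but not here.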
