CVE-2023-2841
📋 TL;DR
This vulnerability allows authenticated attackers with admin-level privileges in WordPress to perform time-based SQL injection attacks via the Advanced Local Pickup for WooCommerce plugin. Attackers can extract sensitive information from the database by injecting malicious SQL queries through the id parameter. Only WordPress sites using vulnerable versions of this specific plugin are affected.
💻 Affected Systems
- Advanced Local Pickup for WooCommerce WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including extraction of sensitive user data, payment information, and administrative credentials, potentially leading to full site takeover.
Likely Case
Extraction of sensitive user information, order details, and potentially administrative credentials from the WordPress database.
If Mitigated
Limited impact due to proper access controls and monitoring, with only authorized admin users potentially exploiting the vulnerability.
🎯 Exploit Status
Exploitation requires admin privileges but uses standard SQL injection techniques. Time-based attacks make detection more difficult.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.6 and later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Advanced Local Pickup for WooCommerce'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.5.6+ from the WordPress plugin repository and replace the plugin files.
🔧 Temporary Workarounds
Remove vulnerable plugin
Temporarily disable or remove the plugin until patched:
wp plugin deactivate advanced-local-pickup-for-woocommerce
wp plugin delete advanced-local-pickup-for-woocommerce
Restrict admin access
Limit admin privileges to essential users only
🧯 If You Can't Patch
- Implement strict access controls to limit admin privileges to trusted users only
- Deploy web application firewall with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin panel under Plugins → Installed Plugins. Look for 'Advanced Local Pickup for WooCommerce' version 1.5.5 or earlier.
Check Version:
wp plugin get advanced-local-pickup-for-woocommerce --field=version
Verify Fix Applied:
Verify that the plugin version is 1.5.6 or later in the WordPress admin panel. Check that the query at line 447 of include/wc-local-pickup-admin.php (linked under References) uses a properly parameterized query.
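The version check above as a script, added here as an example and not part of the advisory or the plugin: the fixed version (1.5.6) and the wp-cli command come from this page, while the function names, the `ALP_LIVE` switch and the numeric dotted-version comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example: compares an installed Advanced Local Pickup for WooCommerce
# version against the advisory's fixed version. wp-cli is only needed for
# the live check; the comparison itself is plain POSIX sh plus awk.

FIXED_VERSION="1.5.6"
PLUGIN_SLUG="advanced-local-pickup-for-woocommerce"

# version_lt A B: exit 0 when dotted version A sorts before B, 1 otherwise.
# Components are compared numerically, so 1.5.10 is newer than 1.5.6 and a
# missing component counts as 0 (1.4 == 1.4.0).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    k = (n > m) ? n : m
    for (i = 1; i <= k; i++) {
      ai = (i <= n) ? x[i] + 0 : 0
      bi = (i <= m) ? y[i] + 0 : 0
      if (ai < bi) exit 0
      if (ai > bi) exit 1
    }
    exit 1
  }'
}

# alp_status VERSION: prints "vulnerable" for anything below 1.5.6,
# otherwise "patched".
alp_status() {
  if version_lt "$1" "$FIXED_VERSION"; then
    echo vulnerable
  else
    echo patched
  fi
}

# alp_check_live: asks wp-cli for the installed version (run from the
# WordPress root); prints "not-installed" if the plugin is absent.
alp_check_live() {
  v=$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null) || {
    echo not-installed
    return 0
  }
  echo "$v $(alp_status "$v")"
}

# Live check only when explicitly requested: ALP_LIVE=1 sh check.sh
if [ "${ALP_LIVE:-0}" = "1" ]; then
  alp_check_live
fi
```

Running it with `ALP_LIVE=1` from the site root prints the installed version followed by `vulnerable` or `patched`; without wp-cli on the box, feed the version string shown in Plugins → Installed Plugins to `alp_status` directly.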
📡 Detection & Monitoring
Log Indicators:
- Unusual database queries from admin users
- Multiple requests with SQL-like patterns in id parameter
- Abnormal response times from admin endpoints
Network Indicators:
- Repeated POST requests to admin-ajax.php or admin endpoints with SQL payloads
- Unusual database connection patterns from web server
SIEM Query:
source="web_logs" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "/wp-admin/") AND (query_string CONTAINS "id=" AND (query_string CONTAINS "SLEEP" OR query_string CONTAINS "BENCHMARK" OR query_string CONTAINS "WAITFOR"))
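The same detection logic as the SIEM query above, run over a few constructed access-log lines, added here as an example that is not part of the advisory. The keyword list (SLEEP, BENCHMARK, WAITFOR), the `/wp-admin/` path scope and the `id` parameter come from the query; the combined-log-format parser, the `example-page` admin slug, the client addresses and every request in the sample are constructed for this example. It goes one step beyond the query by URL-decoding the parameter value repeatedly, so that a percent-encoded or double-encoded keyword is still caught.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Combined-log-format request line; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Time-based SQL primitives named in the advisory's SIEM query.
TIME_BASED = re.compile(r"\b(SLEEP|BENCHMARK|WAITFOR)\b", re.IGNORECASE)

# Constructed sample log lines (not real traffic). "example-page" is a
# placeholder admin page slug, not the plugin's real one.
SAMPLE_LOG = """\
203.0.113.10 - admin [12/Jun/2023:10:01:02 +0000] "GET /wp-admin/admin.php?page=example-page&id=42 HTTP/1.1" 200 5120
203.0.113.10 - admin [12/Jun/2023:10:01:09 +0000] "GET /wp-admin/admin.php?page=example-page&id=42%20AND%20SLEEP(5) HTTP/1.1" 200 5120
203.0.113.10 - admin [12/Jun/2023:10:01:20 +0000] "POST /wp-admin/admin-ajax.php?action=example&id=7%2520AND%2520BENCHMARK(1) HTTP/1.1" 200 80
198.51.100.7 - - [12/Jun/2023:10:02:00 +0000] "GET /?s=sleep+well HTTP/1.1" 200 9000
198.51.100.7 - - [12/Jun/2023:10:02:30 +0000] "GET /wp-admin/admin.php?page=example-page&note=sleep&id=3 HTTP/1.1" 200 3000
"""


def fully_decode(value, max_rounds=3):
    """URL-decode until the value stops changing (bounded), so a
    double-encoded keyword such as %2520BENCHMARK is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            return decoded
        value = decoded
    return value


def inspect_line(line):
    """Return a finding for a /wp-admin/ request whose `id` parameter
    carries a time-based SQL keyword, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    if not target.path.startswith("/wp-admin/"):
        return None
    # parse_qs already decodes one layer of percent-encoding.
    for raw in parse_qs(target.query, keep_blank_values=True).get("id", []):
        decoded = fully_decode(raw)
        if TIME_BASED.search(decoded):
            return {
                "ip": m.group("ip"),
                "user": m.group("user"),
                "method": m.group("method"),
                "path": target.path,
                "id": decoded,
            }
    return None


def scan(lines):
    """All findings, in log order."""
    return [f for f in (inspect_line(l) for l in lines) if f]


def summarize(findings):
    """Count findings per (client, authenticated user): repeated hits from
    one admin account are the 'multiple requests' indicator above."""
    counts = {}
    for f in findings:
        key = (f["ip"], f["user"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f'{h["ip"]} {h["user"]} {h["method"]} {h["path"]} id={h["id"]!r}')
    for (ip, user), n in summarize(hits).items():
        print(f"{ip} ({user}): {n} suspicious request(s)")
```

Two caveats the raw SIEM query does not cover: a keyword that arrives percent-encoded (or double-encoded, as in the third sample line) does not match a plain `CONTAINS "SLEEP"` on the undecoded query string, so decode before matching; and for POST requests to admin-ajax.php the parameter usually travels in the body, which standard access logs do not record, so pair this with the slow-query log or query-time metrics on the database side.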
🔗 References
- https://plugins.trac.wordpress.org/browser/advanced-local-pickup-for-woocommerce/trunk/include/wc-local-pickup-admin.php?rev=2889033#L447
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2986002%40advanced-local-pickup-for-woocommerce%2Ftrunk&old=2983681%40advanced-local-pickup-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/125e7ea3-574a-4760-b10b-7a98d94c87a5?source=cve