CVE-2024-0405

7.2 HIGH

📋 TL;DR

This vulnerability lets an authenticated attacker holding the Editor role or higher perform SQL injection through a REST API endpoint of the Burst Statistics WordPress plugin. The endpoint accepts analytics filters as JSON; because those values are not properly escaped or prepared before being placed in the query, an attacker can append their own SQL to the plugin's statement and read data from tables the plugin was never meant to expose. Burst Statistics 1.5.3 and earlier are affected; 1.5.4 contains the fix.

💻 Affected Systems

Products:
  • Burst Statistics - Privacy-Friendly Analytics for WordPress
Versions: 1.5.3 and earlier (fixed in 1.5.4)
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated user with the Editor role or higher; any such account, including a compromised one, is sufficient. WordPress multisite installations are also affected.

📦 What is this software?

Burst Statistics is a self-hosted analytics plugin for WordPress. Instead of sending visitor data to a third-party service, it records page views and visitor attributes (device, browser, platform, referrer, visited page) in tables inside the site's own WordPress database and presents them to logged-in users through a dashboard backed by the WordPress REST API. The vulnerable endpoint is one of the routes that dashboard uses to query those tables.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete read access to the WordPress database: password hashes from wp_users, site options and secrets stored in wp_options, and any customer or form data kept by other plugins. Cracked or reused credentials and leaked API keys then enable privilege escalation and full site takeover.

🟠

Likely Case

An Editor-level user, or an attacker who has obtained such an account, reads analytics and user data they are not authorised to see and exfiltrates it from the WordPress database.

🟢

If Mitigated

With the plugin updated, or the endpoint blocked and Editor-or-higher accounts limited to trusted staff, exposure is confined to the analytics data those users can already view through the dashboard.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a valid account with the Editor role or higher, but beyond that it is simple JSON parameter manipulation against a REST endpoint; no memory corruption, race condition or special tooling is involved. The vulnerability class and the affected endpoint are documented in public advisories, so a working payload is easy to derive even without a published PoC.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.5.4 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3020809%40burst-statistics%2Ftrunk&old=3012004%40burst-statistics%2Ftrunk&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Burst Statistics and click 'Update Now'.
4. Verify that the installed version is 1.5.4 or later.

🔧 Temporary Workarounds

Disable vulnerable endpoint

Applies to: all platforms

Block access to the vulnerable REST route in the web server configuration. WordPress serves every REST route in two forms, the pretty-permalink path /wp-json/... and the query-string form /?rest_route=/..., so a rule that matches only the /wp-json/ path can be bypassed; the rules below cover both forms (including a URL-encoded slash). Reload the web server after editing. Legitimate use of the Burst dashboard will break while the block is in place.

# For Apache: add to the site's .htaccess, above the "# BEGIN WordPress" block
RewriteEngine On
RewriteRule ^wp-json/burst/v1/data/compare - [F,L]
RewriteCond %{QUERY_STRING} rest_route=(/|%2F)burst(/|%2F)v1(/|%2F)data(/|%2F)compare [NC]
RewriteRule ^ - [F,L]
# For Nginx: add inside the server block for the site
location ~* ^/wp-json/burst/v1/data/compare { deny all; }
if ($args ~* "rest_route=(/|%2F)burst(/|%2F)v1(/|%2F)data(/|%2F)compare") { return 403; }

Restrict user roles

Applies to: all platforms

Temporarily demote users who do not need Editor or higher privileges, and review the remaining Editor and Administrator accounts for any you do not recognise; a single compromised Editor account is enough to exploit this.

# Use WordPress admin panel: Users → All Users → Edit user → Role → Change to Author or lower

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can access the WordPress admin interface
  • Enable a web application firewall with SQL injection rules, and make sure it inspects JSON request bodies rather than only the query string, since the injected values travel in the POST body

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins → Burst Statistics version. If the version is 1.5.3 or lower (anything below 1.5.4), the site is vulnerable. Compare versions numerically, not as strings, so that for example 1.10.x is not mistaken for an old release.

Check Version:

# WordPress CLI
wp plugin list --name=burst-statistics --field=version

# Direct file check
grep "Version:" /path/to/wp-content/plugins/burst-statistics/burst.php

Verify Fix Applied:

After updating, verify Burst Statistics version shows 1.5.4 or later in WordPress admin panel.
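For a fleet of sites, the manual check above does not scale, and comparing version strings lexicographically gives wrong answers once a minor number reaches two digits. The following script is an added example, not code from the page or the plugin: it reads the Version: header from the plugin's main file and compares it numerically against 1.5.4. The header sample embedded in it is constructed (only the Version: line matters), and the path to burst.php is taken from the grep command above.

```python
import re

# First fixed release, taken from the advisory above.
FIXED_VERSION = (1, 5, 4)

def parse_plugin_version(header_text):
    """Return the value of the 'Version:' header from a WordPress plugin's main file, or None."""
    match = re.search(r"^[\s*#]*Version:\s*([0-9][0-9A-Za-z.\-+]*)", header_text, re.MULTILINE)
    return match.group(1) if match else None

def version_tuple(version):
    """'1.5.3' -> (1, 5, 3). Only the leading digits of each dotted piece count,
    so '1.5.4-beta1' compares as (1, 5, 4)."""
    numbers = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        numbers.append(int(match.group(0)))
    return tuple(numbers)

def is_vulnerable(version):
    """True for any release below 1.5.4, including 1.5.3, 1.5.0 and 1.4.x."""
    return version_tuple(version) < FIXED_VERSION

def check_plugin_file(path):
    """Read the plugin's main file and return (version, vulnerable?)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        header = fh.read(8192)   # the header comment sits at the top of the file
    version = parse_plugin_version(header)
    if version is None:
        raise ValueError(f"no Version: header found in {path}")
    return version, is_vulnerable(version)

# Constructed sample header, not copied from the plugin; only the Version: line matters.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Burst Statistics - Privacy-Friendly Analytics for WordPress
 * Version: 1.5.3
 */
"""

if __name__ == "__main__":
    import sys
    # Usage: python check_burst.py /path/to/wp-content/plugins/burst-statistics/burst.php [...]
    paths = sys.argv[1:]
    if not paths:
        v = parse_plugin_version(SAMPLE_HEADER)
        print(f"sample header: {v} vulnerable={is_vulnerable(v)}")
    for p in paths:
        v, vuln = check_plugin_file(p)
        print(f"{p}: {v} {'VULNERABLE' if vuln else 'ok'}")
```

Run it once per site root (or over a list of burst.php paths collected with find) and act on every line marked VULNERABLE; a site that reports 1.5.4 or higher has the fix applied.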

📡 Detection & Monitoring

Log Indicators:

  • Queries against the plugin's statistics tables that contain UNION, nested SELECTs, SLEEP()/BENCHMARK() or references to tables outside the plugin's own (for example wp_users), visible in the MySQL general or slow query log where enabled
  • Multiple failed authentication attempts followed by a successful Editor or Administrator login, the account takeover that typically precedes exploitation
  • Unusual API calls to /wp-json/burst/v1/data/compare (or the /?rest_route=/burst/v1/data/compare form), especially bursts of requests from one Editor account with rapidly varying filter values

Network Indicators:

  • POST requests to /wp-json/burst/v1/data/compare (or with rest_route=/burst/v1/data/compare in the query string) whose JSON body carries SQL keywords or quote characters in the filter values; standard web server access logs do not record the request body, so this requires a WAF, reverse proxy or application-level log that captures it
  • A spike in the number or duration of database queries from the web server, for example the slow-query pattern produced by time-based blind injection with SLEEP() or BENCHMARK()

SIEM Query:

The query below assumes a log source that records the decoded JSON body as param/value pairs (a WAF or application log); plain access logs carry only the URI and will not match the value clauses.

source="web_server" AND (uri="/wp-json/burst/v1/data/compare" OR uri="*rest_route=/burst/v1/data/compare*") AND (param="browser" OR param="device" OR param="page_id" OR param="page_url" OR param="platform" OR param="referrer") AND (value="*SELECT*" OR value="*UNION*" OR value="*INSERT*" OR value="*UPDATE*" OR value="*DELETE*" OR value="*SLEEP(*" OR value="*BENCHMARK(*" OR value="*' OR *")
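Where no SIEM field extraction exists for request bodies, the same detection logic can be run directly over a JSON-lines log from a reverse proxy or WAF that records the authenticated user, the URI and the raw body. The script below is an added example, not code from the page or the plugin: it normalises both REST URL forms to the route name, parses the JSON body, and applies a SQL-fragment heuristic to the filter keys named in this advisory. The log format and the assumption that those keys sit in a "filters" object in the body are mine; the four log lines are constructed, not real traffic.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# The REST route named in this advisory, without the /wp-json/ prefix.
TARGET_ROUTE = "burst/v1/data/compare"

# Filter keys listed on this page as the injectable parameters (assumed to be
# the keys of a "filters" object in the JSON body).
SUSPECT_KEYS = {"browser", "device", "page_id", "page_url", "platform", "referrer"}

# Heuristic for SQL that has no business inside an analytics filter value:
# SQL keywords, comment openers, a quote followed by OR/AND, or a tautology.
SQLI_PATTERN = re.compile(
    r"\b(?:select|union|insert|update|delete|sleep|benchmark|information_schema)\b"
    r"|--|/\*"
    r"|'\s*(?:or|and)\b"
    r"|\b(?:or|and)\s+\S+\s*=\s*\S+",
    re.IGNORECASE,
)

def route_of(uri):
    """Normalise both REST URL forms to a route name.

    '/wp-json/burst/v1/data/compare'               -> 'burst/v1/data/compare'
    '/index.php?rest_route=/burst/v1/data/compare' -> 'burst/v1/data/compare'
    """
    parts = urlsplit(uri)
    if "/wp-json/" in parts.path:
        return parts.path.split("/wp-json/", 1)[1].strip("/")
    rest_route = parse_qs(parts.query).get("rest_route")
    if rest_route:
        return rest_route[0].strip("/")
    return None

def flag_value(key, value):
    """Return a reason string if a filter value looks like SQL, else None."""
    if isinstance(value, (dict, list)):
        return f"non-scalar value for {key}"
    match = SQLI_PATTERN.search(str(value))
    if match:
        return f"SQL fragment {match.group(0)!r} in {key}"
    return None

def scan_record(rec):
    """Inspect one log record; return a list of (user, key, reason) findings."""
    if route_of(rec.get("uri", "")) != TARGET_ROUTE:
        return []
    user = rec.get("user", "?")
    try:
        body = json.loads(rec.get("body") or "{}")
    except json.JSONDecodeError:
        return [(user, "body", "request body is not valid JSON")]
    filters = body.get("filters", body) if isinstance(body, dict) else {}
    findings = []
    if isinstance(filters, dict):
        for key, value in filters.items():
            if key in SUSPECT_KEYS:
                reason = flag_value(key, value)
                if reason:
                    findings.append((user, key, reason))
    return findings

def scan_log(lines):
    """Scan JSON-lines records (one request per line) and collect findings."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue   # not one of our records; skip rather than crash
        findings.extend(scan_record(rec))
    return findings

# Constructed sample log (not real traffic): a proxy/WAF log that records the
# authenticated user, the request URI and the raw JSON request body.
SAMPLE_LOG = r"""
{"ts":"2024-01-10T10:00:01Z","user":"editor1","method":"POST","uri":"/wp-json/burst/v1/data/compare","body":"{\"filters\":{\"device\":\"mobile\",\"page_url\":\"/pricing/\"}}"}
{"ts":"2024-01-10T10:00:05Z","user":"editor1","method":"POST","uri":"/wp-json/burst/v1/data/compare","body":"{\"filters\":{\"device\":\"mobile' UNION SELECT user_pass FROM wp_users-- \"}}"}
{"ts":"2024-01-10T10:00:09Z","user":"editor1","method":"POST","uri":"/index.php?rest_route=/burst/v1/data/compare","body":"{\"filters\":{\"browser\":\"x' OR 1=1\"}}"}
{"ts":"2024-01-10T10:00:12Z","user":"admin","method":"POST","uri":"/wp-json/wp/v2/posts","body":"{\"title\":\"SELECT is a fine word in a post title\"}"}
"""

if __name__ == "__main__":
    for user, key, reason in scan_log(SAMPLE_LOG.splitlines()):
        print(f"ALERT user={user} key={key}: {reason}")
```

The route normalisation is what makes the rest_route bypass visible; without it the third request would be missed. The keyword heuristic is deliberately narrow (no bare `#`, since URL fragments in page_url would trip it), so expect to tune it against your own traffic, and treat any hit from an Editor account as a reason to check that account's recent activity rather than as proof of exploitation.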
