CVE-2024-10247
📋 TL;DR
This vulnerability allows authenticated attackers with Administrator-level access in WordPress to perform time-based SQL injection attacks via the orderby parameter in the Video Gallery plugin. Attackers can extract sensitive information from the database by appending malicious SQL queries. Only WordPress sites using vulnerable versions of this specific plugin are affected.
💻 Affected Systems
- Video Gallery – Best WordPress YouTube Gallery Plugin
📦 What is this software?
Video Gallery by Total Soft
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including extraction of sensitive user data, passwords, and potentially full site takeover if other vulnerabilities are chained.
Likely Case
Extraction of sensitive plugin data, user information, and potential privilege escalation through data manipulation.
If Mitigated
Limited impact due to administrator-only access requirement and proper network segmentation.
🎯 Exploit Status
Exploitation requires administrator credentials, but the SQL injection technique is well-documented and simple to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 2.4.2
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3200979/gallery-videos/trunk/admin/class-tsvg-list.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Video Gallery – Best WordPress YouTube Gallery Plugin'.
4. Click 'Update Now' if available.
5. If no update appears, manually download the latest version from the WordPress plugin repository and replace the plugin files.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily disable the plugin until patched:
wp plugin deactivate gallery-videos
Restrict admin access
Limit administrator accounts and implement strong authentication.
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block SQL injection patterns
- Restrict plugin functionality to trusted administrators only and monitor admin account activity
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Video Gallery plugin version. If version is 2.4.2 or lower, you are vulnerable.
Check Version:
wp plugin get gallery-videos --field=version
Verify Fix Applied:
Verify that the plugin version is higher than 2.4.2, and check that class-tsvg-list.php validates the orderby parameter before it reaches the query (for example against an allowlist of column names or via sanitize_sql_orderby()) rather than interpolating the raw value into the ORDER BY clause; escaping alone is not sufficient for an identifier position.
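The version check above is easy to get wrong with plain string comparison ("2.4.10" sorts before "2.4.2" lexically). The following is an added example, not code from the advisory or the plugin, that parses the wp-cli output into a numeric tuple and compares it against the 2.4.2 boundary stated on this page. The plugin slug `gallery-videos` and the wp-cli command come from the page; the `installed_version()` helper assumes `wp` is on PATH and is only called when the script is run directly.

```python
import re
import subprocess

# Versions at or below this are vulnerable according to the advisory.
FIXED_AFTER = (2, 4, 2)


def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10). Pre-release suffixes such as
    '2.4.2-beta' are ignored, so they compare as the base release."""
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version_text):
    """True when the installed version is 2.4.2 or lower."""
    v = parse_version(version_text)
    # Pad both tuples to the same length so '2.4' compares as 2.4.0.
    width = max(len(v), len(FIXED_AFTER))
    v = v + (0,) * (width - len(v))
    fixed = FIXED_AFTER + (0,) * (width - len(FIXED_AFTER))
    return v <= fixed


def installed_version(slug="gallery-videos"):
    """Read the installed version with the wp-cli command given on the page.
    Assumes wp-cli is installed and run from the WordPress root."""
    out = subprocess.run(
        ["wp", "plugin", "get", slug, "--field=version"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


if __name__ == "__main__":
    ver = installed_version()
    print(f"gallery-videos {ver}: {'VULNERABLE' if is_vulnerable(ver) else 'patched'}")
```

Run it from the site root; a non-zero exit from wp-cli (plugin not installed) propagates as an exception, which is the safer failure mode for a check script.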
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in WordPress debug logs
- Multiple failed login attempts followed by admin access
- Long response times from plugin endpoints suggesting time-based injection
Network Indicators:
- Repeated POST requests to plugin admin endpoints with SQL-like parameters
- Unusual database connection patterns from web server
SIEM Query:
source="wordpress.log" AND "orderby" AND ("SLEEP" OR "BENCHMARK" OR "WAITFOR")
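The SIEM query above keys on the orderby parameter together with time-based SQL primitives; the "long response time" indicator needs the request duration as well. The following is an added example, not code from the advisory, that applies both checks to web-server access log lines. It assumes a combined-format log with the request time in seconds appended as the last field (an assumption; nginx's `$request_time` or Apache's `%D`/`%T` can supply it), and the sample lines are constructed here with `page=PLUGIN_ADMIN_PAGE` as a placeholder for the plugin's real admin page slug.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Time-based SQL primitives named in the SIEM query on this page. WAITFOR is
# MSSQL syntax and will not execute on WordPress/MySQL, but it is kept so the
# log check matches the SIEM rule.
TIME_BASED_PATTERN = re.compile(r"\b(SLEEP|BENCHMARK|WAITFOR)\b", re.IGNORECASE)

# Combined log format plus one trailing field: request time in seconds.
# The trailing-field layout is an assumption for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" (?P<seconds>[0-9.]+)$'
)

# A sort on a small admin listing should not take this long; tune per site.
SLOW_THRESHOLD_SECONDS = 5.0

# Constructed sample lines (not real traffic). The second line carries a
# SLEEP() call in orderby and a matching delay; the third is merely slow.
SAMPLE_LOG = [
    '203.0.113.5 - admin [12/Nov/2024:10:01:02 +0000] "GET /wp-admin/admin.php?page=PLUGIN_ADMIN_PAGE&orderby=title&order=asc HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0.042',
    '203.0.113.5 - admin [12/Nov/2024:10:01:09 +0000] "GET /wp-admin/admin.php?page=PLUGIN_ADMIN_PAGE&orderby=title%2CSLEEP%285%29&order=asc HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 5.031',
    '198.51.100.7 - editor [12/Nov/2024:10:02:00 +0000] "GET /wp-admin/admin.php?page=PLUGIN_ADMIN_PAGE&orderby=id HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 7.900',
]


def orderby_values(target):
    """Return every decoded orderby value from the request target's query string."""
    query = urlsplit(target).query
    return parse_qs(query, keep_blank_values=True).get("orderby", [])


def analyse_line(line):
    """Return a finding dict for a suspicious line, or None for a clean one."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line; a real pipeline would count these
    values = orderby_values(m.group("target"))
    if not values:
        return None  # no orderby parameter, so not this indicator
    hits = [v for v in values if TIME_BASED_PATTERN.search(v)]
    seconds = float(m.group("seconds"))
    if hits:
        reason = "time-based sqli primitive in orderby"
    elif seconds >= SLOW_THRESHOLD_SECONDS:
        reason = "slow orderby request"
    else:
        return None
    return {
        "ip": m.group("ip"),
        "user": m.group("user"),
        "target": m.group("target"),
        "orderby": hits or values,
        "seconds": seconds,
        "reason": reason,
    }


def scan(lines):
    """Run analyse_line over an iterable of log lines and keep the findings."""
    return [f for f in (analyse_line(line) for line in lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Two design points: `parse_qs` decodes the percent-encoded value once, so `SLEEP%285%29` is matched as `SLEEP(5)`, and the slow-request branch only fires when an orderby parameter is present, which keeps ordinary slow admin pages out of the alert stream. Pair the findings with the authenticated user field, since this issue requires an administrator session.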
🔗 References
- https://packetstormsecurity.com/files/179387/WordPress-Video-Gallery-YouTube-Gallery-And-Vimeo-Gallery-2.3.6-SQL-Injection.html
- https://plugins.trac.wordpress.org/browser/gallery-videos/trunk/admin/class-tsvg-list.php#L15
- https://plugins.trac.wordpress.org/changeset/3200979/gallery-videos/trunk/admin/class-tsvg-list.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f5524582-5aac-48b4-ad67-7c4829d63ed0?source=cve