CVE-2024-11267
📋 TL;DR
The JSP Store Locator WordPress plugin version 1.0 contains a SQL injection vulnerability due to insufficient input sanitization. Attackers with Contributor-level access can exploit this to execute arbitrary SQL commands, potentially compromising the database. This affects all WordPress sites using the vulnerable plugin version.
💻 Affected Systems
- JSP Store Locator WordPress plugin
📦 What is this software?
Jsp Store Locator by Joomlaserviceprovider
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise allowing data theft, modification, or deletion; potential privilege escalation to administrator; possible remote code execution via database functions.
Likely Case
Unauthorized data access, modification of plugin settings, extraction of sensitive information like user credentials or personal data.
If Mitigated
Impact is limited to the data in the plugin's own database tables, provided input validation and parameterized queries are in place elsewhere in the application.
🎯 Exploit Status
Exploitation requires Contributor access; SQL injection techniques are well documented and easily weaponized once the specific vulnerable parameter is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://wpscan.com/vulnerability/fcbdc11a-a194-46e4-8c22-11010b98fdab/
Restart Required: No
Instructions:
1. Remove the JSP Store Locator plugin completely.
2. Install an alternative store locator plugin from a reputable source.
3. Review the database for any unauthorized changes.
🔧 Temporary Workarounds
Remove Contributor Access
Temporarily disable or restrict the Contributor user role until the plugin is removed.
Web Application Firewall Rule
Implement WAF rules to block SQL injection patterns in requests targeting the plugin.
🧯 If You Can't Patch
- Immediately remove the JSP Store Locator plugin from all WordPress installations
- Implement strict access controls to limit Contributor role creation and monitor existing Contributor accounts
🔍 How to Verify
Check if Vulnerable:
Open the WordPress admin panel > Plugins and locate JSP Store Locator. If the version is 1.0 or earlier, the site is vulnerable.
Check Version (WP-CLI; the --name filter matches the plugin slug, i.e. its directory name under wp-content/plugins, which may differ from the display name shown in the admin panel):
wp plugin list --name='JSP Store Locator' --field=version
Verify Fix Applied:
Confirm the JSP Store Locator plugin is no longer installed in WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- Unusual database queries containing SQL injection patterns
- Multiple failed login attempts followed by Contributor account creation
- Unexpected database errors in WordPress logs
Network Indicators:
- HTTP POST requests to wp-admin/admin-ajax.php with SQL payloads
- Unusual database connection patterns from web server
SIEM Query:
source="wordpress.log" AND ("SQL syntax" OR "database error" OR "wp_jsp_store_locator")
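The log, network and SIEM indicators listed under Detection & Monitoring, and the WAF rule suggested under Temporary Workarounds, can be turned into concrete checks. The script below is an added example written for this page, not code from the advisory, WPScan or the plugin vendor. It scans constructed Apache combined-format access-log lines for admin-ajax.php requests whose decoded URL carries generic SQL-injection tokens, scans constructed WordPress debug.log lines for wpdb errors that reference the plugin's table or report a SQL syntax failure, and lists source IPs with repeated hits. The parameter names `action=store_search` and `q`, the `wp_ajax_store_search` caller and every sample log line are assumptions; the advisory does not name the vulnerable parameter, and the checks do not depend on it.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed Apache combined-format access-log lines (not real traffic).
# "action=store_search" and "q" are placeholder parameter names: the advisory
# does not name the vulnerable parameter and the checks below do not rely on it.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [12/Nov/2024:10:01:12 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 44 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Nov/2024:10:02:01 +0000] "GET /wp-admin/admin-ajax.php?action=store_search&q=1'%20OR%201%3D1--%20 HTTP/1.1" 500 0 "-" "curl/8.4"
198.51.100.23 - - [12/Nov/2024:10:02:05 +0000] "GET /wp-admin/admin-ajax.php?action=store_search&q=1%20UNION%20SELECT%201%2C2%2C3 HTTP/1.1" 200 2048 "-" "curl/8.4"
192.0.2.9 - - [12/Nov/2024:10:03:44 +0000] "GET /wp-admin/admin-ajax.php?action=store_search&q=O'Reilly%20Plaza HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Nov/2024:10:04:10 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Constructed WordPress debug.log lines in the format wpdb uses for query errors
# ("WordPress database error <error> for query <query> made by <caller>").
SAMPLE_DEBUG_LOG = """\
[12-Nov-2024 10:02:01 UTC] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR 1=1--' at line 1 for query SELECT * FROM wp_jsp_store_locator WHERE id = 1' OR 1=1-- made by do_action('wp_ajax_store_search')
[12-Nov-2024 10:05:30 UTC] PHP Notice:  Undefined index: foo in /var/www/html/wp-content/plugins/example/example.php on line 12
[12-Nov-2024 10:06:02 UTC] WordPress database error Table 'wordpress.wp_missing' doesn't exist for query SELECT 1 FROM wp_missing made by require('wp-load.php')
"""

# Generic SQL-injection tokens, deliberately broad: these are detection
# signatures, so favour recall and review the hits by hand.
SQLI_PATTERNS = {
    "union_select": re.compile(r"(?i)\bunion\b[\s/*]+(?:all[\s/*]+)?select\b"),
    "boolean_tautology": re.compile(r"(?i)'\s*(?:or|and)\s+[\w']+\s*=\s*[\w']+"),
    "sql_function": re.compile(r"(?i)\b(?:(?:sleep|benchmark|load_file)\s*\(|information_schema\b)"),
    "trailing_comment": re.compile(r"--\s*$|/\*"),
}

ACCESS_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

DB_ERROR = re.compile(
    r"WordPress database error (?P<error>.+?) for query (?P<query>.+?)(?: made by |$)"
)


def sqli_indicators(decoded):
    """Names of the SQLI_PATTERNS that match an already URL-decoded string."""
    return [name for name, rx in SQLI_PATTERNS.items() if rx.search(decoded)]


def scan_access_log(lines):
    """Flag admin-ajax.php requests whose decoded URL carries SQL-injection tokens."""
    hits = []
    for line in lines:
        m = ACCESS_LINE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        target = unquote_plus(m["target"])  # decode %XX and '+' before matching
        if "admin-ajax.php" not in target:
            continue
        patterns = sqli_indicators(target)
        if patterns:
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "status": int(m["status"]), "target": target,
                         "patterns": patterns})
    return hits


def suspicious_sources(hits, threshold=2):
    """Source IPs with at least `threshold` flagged requests, most active first."""
    counts = Counter(h["ip"] for h in hits)
    return [ip for ip, n in counts.most_common() if n >= threshold]


def scan_debug_log(lines, table_hint="wp_jsp_store_locator"):
    """Flag wpdb errors that mention the plugin's table or a SQL syntax failure."""
    alerts = []
    for line in lines:
        m = DB_ERROR.search(line)
        if not m:
            continue
        reasons = []
        if "sql syntax" in m["error"].lower():
            reasons.append("sql_syntax_error")
        if table_hint in m["query"]:
            reasons.append("plugin_table")
        if reasons:
            alerts.append({"error": m["error"], "query": m["query"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    access_hits = scan_access_log(SAMPLE_ACCESS_LOG.splitlines())
    for h in access_hits:
        print(f"{h['ip']} {h['method']} {h['status']} {h['patterns']} {h['target']}")
    print("repeat sources:", suspicious_sources(access_hits))
    for a in scan_debug_log(SAMPLE_DEBUG_LOG.splitlines()):
        print("db error:", a["reasons"], a["query"])
```

Web-server access logs do not record POST bodies, so the access-log scan sees only the query string of the POST requests named in the network indicators above; inspecting bodies needs a WAF or application-level request logging, which is also where the same pattern set belongs as a blocking rule. The `O'Reilly Plaza` sample line shows the patterns tolerating a legitimate apostrophe in a search term, but expect some false positives and treat hits as leads for review rather than confirmed attacks. The debug.log scan requires `WP_DEBUG_LOG` to be enabled so that wpdb errors are written to disk.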