CVE-2024-11372

7.2 HIGH

📋 TL;DR

The Connexion Logs WordPress plugin through version 3.0.2 contains a SQL injection vulnerability caused by insufficient sanitization of a parameter that administrators control through the plugin interface. An authenticated administrator can use it to execute arbitrary SQL commands against the site's database. Only WordPress sites with this plugin installed are affected, and exploitation requires an account with administrator access to the plugin.

💻 Affected Systems

Products:
  • Connexion Logs WordPress Plugin
Versions: through 3.0.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a WordPress installation with the Connexion Logs plugin enabled and admin access to the plugin interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with admin privileges could execute arbitrary SQL commands, leading to complete database compromise, data theft, privilege escalation, or remote code execution via database functions.

🟠 Likely Case

Malicious administrators or compromised admin accounts could extract sensitive data, modify database content, or disrupt website functionality.

🟢 If Mitigated

With proper access controls and admin account security, the risk is limited to authorized administrators who would already have extensive system access.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator-level access to WordPress. The vulnerability is in a parameter that admins can control through the plugin interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.3 or later

Vendor Advisory: https://wpscan.com/vulnerability/de74199a-001e-4388-82ae-70cfd5a49457/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Connexion Logs' plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin, then install the latest version from the WordPress repository.

🔧 Temporary Workarounds

Disable Plugin (all platforms)

Temporarily deactivate the Connexion Logs plugin until the patched version is available.

wp plugin deactivate connexion-logs

Remove Plugin (all platforms)

Completely remove the vulnerable plugin from the WordPress installation.

wp plugin delete connexion-logs

🧯 If You Can't Patch

  • Restrict admin access to only trusted personnel and implement strong authentication for admin accounts.
  • Implement web application firewall (WAF) rules to block SQL injection patterns targeting the plugin endpoints.

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel → Plugins → Installed Plugins for the Connexion Logs version. If the version is 3.0.2 or earlier, the system is vulnerable.

Check Version:

wp plugin get connexion-logs --field=version

Verify Fix Applied:

After updating, verify that the Connexion Logs plugin version shown on the WordPress admin Plugins page is 3.0.3 or later.
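The version check above, carried out with wp-cli and a proper component-wise version comparison so that 3.0.10 is not mistaken for an affected release. This is an added example, not code from the original advisory; it assumes wp-cli is installed and that the script runs from the WordPress root.

```shell
#!/bin/sh
# Added example (not from the original advisory): decide whether an installed
# Connexion Logs plugin is in the affected range (through 3.0.2) by comparing
# the wp-cli reported version with the fixed release, component by component.
# Assumes wp-cli is installed and the script runs from the WordPress root.

FIXED_VERSION="3.0.3"   # first release the advisory lists as patched

# version_lt A B: succeed (exit 0) when dotted version A is strictly below B.
# Components compare numerically (3.0.10 > 3.0.3), missing components count
# as 0 (3.0 == 3.0.0) and suffixes such as "2-beta" use their leading number.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i in A) ? A[i] + 0 : 0
            y = (i in B) ? B[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1   # equal versions are not "less than"
    }'
}

# is_vulnerable VERSION: succeed when VERSION predates the fixed release.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_installed: query wp-cli for the installed version and report.
# Exit status: 0 when patched or not installed, 2 when vulnerable.
check_installed() {
    v=$(wp plugin get connexion-logs --field=version 2>/dev/null) || {
        echo "connexion-logs: not installed (or wp-cli unavailable), nothing to check"
        return 0
    }
    if is_vulnerable "$v"; then
        echo "connexion-logs $v: VULNERABLE to CVE-2024-11372, update to $FIXED_VERSION or later"
        return 2
    fi
    echo "connexion-logs $v: patched ($FIXED_VERSION or later)"
    return 0
}

# Run the live check only when wp-cli is on PATH, so the functions above can
# also be sourced and used offline with a version string.
if command -v wp >/dev/null 2>&1; then
    check_installed
fi
```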

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in WordPress or database logs
  • Multiple failed login attempts to admin accounts
  • Unexpected database schema changes

Network Indicators:

  • HTTP requests to /wp-admin/admin.php?page=connexion-logs with SQL injection patterns in parameters

SIEM Query:

source="wordpress.log" AND ("connexion-logs" OR "admin.php?page=connexion-logs") AND ("UNION SELECT" OR "' OR " OR "--" OR ";--")