CVE-2024-12607
📋 TL;DR
This SQL injection vulnerability in the School Management System for WordPress plugin is reachable through the 'id' parameter of the plugin's 'mj_smgt_show_event_task' AJAX action, served by wp-admin/admin-ajax.php. An authenticated attacker with Custom-level access or higher (an account holding one of the custom roles the plugin itself registers) can append additional SQL to the query the handler builds and read arbitrary data from the WordPress database, including user credentials and other confidential data. All WordPress sites running this plugin at version 92.0.0 or earlier are affected.
💻 Affected Systems
- School Management System for WordPress plugin
📦 What is this software?
A commercial WordPress plugin sold through CodeCanyon (vendor link under Official Fix) that adds school administration features such as student, staff and event/task management to a WordPress site. Its features are exposed as WordPress AJAX actions served by wp-admin/admin-ajax.php; the vulnerable one is 'mj_smgt_show_event_task'.
⚠️ Risk & Real-World Impact
Worst Case
Complete read access to the WordPress database, because the injected SQL runs as the site's database user: wp_users password hashes, wp_options (where many plugins keep API keys) and every table the plugin and other plugins maintain. Cracked or reused administrator credentials then lead to site takeover.
Likely Case
Extraction of sensitive user data, including administrator password hashes from wp_users and the student and parent records the plugin stores.
If Mitigated
If the plugin is updated or the 'mj_smgt_show_event_task' action is disabled, the injection point is gone. A WAF rule on its own only raises the bar: it filters recognisable payloads but leaves the vulnerable query in place.
🎯 Exploit Status
Exploitation requires a valid login to a site running the plugin (any account at Custom level or above), after which a single crafted request to admin-ajax.php is enough. The injection itself is a standard SQL injection through one request parameter, so no special tooling is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any release newer than 92.0.0; confirm the exact fixed build in the vendor's changelog at the advisory link below.
Vendor Advisory: https://codecanyon.net/item/school-management-system-for-wordpress/11470032
Restart Required: No
Instructions:
1. Update the School Management System plugin to a version later than 92.0.0. CodeCanyon items are not served by the WordPress.org updater; download the new build from the purchase page or use the vendor's update mechanism.
2. Verify the update was successful by checking the version on the Plugins page or with WP-CLI (see "How to Verify" below).
3. Log in as an ordinary plugin user and confirm the event-task view that calls 'mj_smgt_show_event_task' still works.
🔧 Temporary Workarounds
Disable vulnerable AJAX endpoint
Remove or restrict access to the vulnerable 'mj_smgt_show_event_task' AJAX action.
remove_action() only works when it is given the exact callback name (and priority) the plugin registered; a placeholder such as remove_action('wp_ajax_mj_smgt_show_event_task', 'callback_function') silently returns false and leaves the endpoint reachable. Use remove_all_actions() instead, and run it late enough that the plugin has already registered its hooks (admin_init fires inside admin-ajax.php before the wp_ajax_ action is dispatched):
add_action('admin_init', function () { remove_all_actions('wp_ajax_mj_smgt_show_event_task'); remove_all_actions('wp_ajax_nopriv_mj_smgt_show_event_task'); }, PHP_INT_MAX);
Put this in a must-use plugin (wp-content/mu-plugins/) rather than the theme's functions.php, so a theme switch or theme update cannot drop it.
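A complete must-use plugin that implements this workaround, written for this advisory as an added example rather than vendor code. It assumes only what the advisory states: the action name 'mj_smgt_show_event_task' and that the injected value arrives in the 'id' request parameter. The file name and the log line format are choices made here, not anything the plugin defines.

```php
<?php
/**
 * Plugin Name: CVE-2024-12607 workaround (disable mj_smgt_show_event_task)
 * Description: Example mitigation, not vendor code. Save as
 *              wp-content/mu-plugins/cve-2024-12607-workaround.php and remove after patching.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Action name taken from the advisory. Registering our own callback on the same wp_ajax_ hook
// with a very low priority number makes it run before the plugin's handler, whatever priority
// or load order the plugin used; wp_send_json_error() then ends the request, so the vulnerable
// query is never built. Nothing about the plugin's tables or columns needs to be known.
const CVE_2024_12607_ACTION = 'mj_smgt_show_event_task';

function cve_2024_12607_block_event_task() {
    // The 'id' parameter is the injection point named in the advisory; keep a bounded copy for the log.
    $raw_id = isset( $_REQUEST['id'] ) ? wp_unslash( $_REQUEST['id'] ) : '';
    $raw_id = is_string( $raw_id ) ? substr( $raw_id, 0, 200 ) : '[array]';

    // One line per attempt in the PHP error log (wp-content/debug.log when WP_DEBUG_LOG is on).
    // This is the only place the 'id' value of a POSTed request gets recorded, since web-server
    // access logs do not contain request bodies. Newlines are stripped so an attacker cannot
    // forge extra log entries through the parameter value.
    error_log( sprintf(
        'CVE-2024-12607 blocked action=%s user=%d ip=%s id=%s',
        CVE_2024_12607_ACTION,
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-',
        str_replace( array( "\r", "\n" ), ' ', $raw_id )
    ) );

    wp_send_json_error( array( 'message' => 'This action is disabled pending a security update.' ), 403 );
}

// wp_ajax_nopriv_ is covered only as belt and braces: the advisory says the bug needs a login.
add_action( 'wp_ajax_' . CVE_2024_12607_ACTION, 'cve_2024_12607_block_event_task', -1000 );
add_action( 'wp_ajax_nopriv_' . CVE_2024_12607_ACTION, 'cve_2024_12607_block_event_task', -1000 );
```

Because mu-plugins load before regular plugins and the callback sits at priority -1000, this works regardless of which hook the vendor used to register the action. If the event-task view must stay usable during the stopgap, the same handler could instead return early when 'id' matches ^[0-9]+$ and only deny everything else; that variant assumes a legitimate id is a numeric record ID, which the advisory does not state, so verify it against the plugin's own requests first.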
Implement WAF rules
Add web application firewall rules to block SQL injection attempts.
For ModSecurity (v2 or v3, with SecRequestBodyAccess On so that phase 2 can inspect the POST body in which the action is normally sent), scope the SQLi check to this action so legitimate 'id' parameters elsewhere on the site are not blocked:
SecRule ARGS:action "@streq mj_smgt_show_event_task" "id:1001,phase:2,deny,status:403,log,msg:'CVE-2024-12607 SQLi attempt against mj_smgt_show_event_task',chain"
    SecRule ARGS:id "@detectSQLi" "t:none,t:urlDecodeUni"
For Cloudflare WAF: enable the SQL injection rules of the Cloudflare Managed Ruleset and the OWASP Core Ruleset; the WAF inspects request bodies, so POSTed actions are covered. Treat any WAF rule as a stopgap: it reduces exposure but does not remove the injection point.
🧯 If You Can't Patch
- Review every account that holds one of the plugin's custom roles (the vulnerable action is reachable from Custom-level access upward) and remove stale or unverified accounts; each one is an exploitation path.
- Run WordPress against a least-privilege MySQL account that is limited to the site's own database (no FILE privilege, no access to other schemas), so that a successful injection cannot read or write beyond the site's tables. Prepared statements in your own custom code do not help: the flaw is in the vendor's handler, which has to be patched or disabled.
🔍 How to Verify
Check if Vulnerable:
In the WordPress admin panel open Plugins and read the version shown for School Management System; 92.0.0 or lower is vulnerable (the disclosure covers all versions up to and including 92.0.0).
Check Version:
wp plugin list --fields=name,title,version,status | grep -i school
The --name filter of wp plugin list matches the plugin's directory slug, not its display title, so listing the title field and filtering with grep avoids guessing the slug.
Verify Fix Applied:
After updating, confirm the version shown is higher than 92.0.0, then log in as an ordinary plugin user and confirm the event-task view that calls 'mj_smgt_show_event_task' still loads. For a stronger check, search the plugin directory for the 'mj_smgt_show_event_task' handler and confirm that the 'id' value now reaches the query only through $wpdb->prepare().
📡 Detection & Monitoring
Log Indicators:
- WordPress database errors in wp-content/debug.log (WP_DEBUG_LOG enabled) of the form "WordPress database error ... for query ... made by do_action('wp_ajax_mj_smgt_show_event_task')": a syntax error raised from this handler is the usual trace of an attacker probing the injection point.
- If the MySQL general or slow query log is enabled, queries against the plugin's tables that contain UNION SELECT, information_schema, SLEEP() or BENCHMARK(), or that read wp_users; an event-task lookup has no legitimate reason to issue any of these.
- A burst of failed logins followed by a successful login and then requests to /wp-admin/admin-ajax.php with action=mj_smgt_show_event_task: the credential-stuffing-then-exploit sequence, since the bug requires a valid session.
Network Indicators:
- Requests to /wp-admin/admin-ajax.php carrying action=mj_smgt_show_event_task with an 'id' value that is not a plain record ID (quotes, spaces, comment markers, SQL keywords, or their URL-encoded forms). Web-server access logs record only the query string, so a POSTed action and its 'id' are invisible there; to see POST bodies, log at the WAF or from a hook inside WordPress.
- Long-running or high-volume queries from the WordPress database user: time-based blind injection relies on SLEEP()/BENCHMARK(), and bulk extraction shows up as many similar requests from one session with responses larger than a normal event-task reply.
SIEM Query:
source="wordpress.log" "admin-ajax.php" "mj_smgt_show_event_task"
| rex "(?i)[?&]id=(?<task_id>[^&\s\"]*)"
| where NOT match(task_id, "^\d+$")
Match on the action name first and then flag 'id' values that are not a plain number; matching on the bare strings "id=", "sql" or "select" is noise, because "id=" appears in most requests. This assumes a legitimate id is a numeric record ID and that the log line carries the parameter (a GET query string, or an application-level log entry); adjust the regex if the plugin uses another id format.
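An added example, not from the advisory or the vendor: a PHP command-line script that applies the indicators above to web-server access log lines and wp-content/debug.log lines, so the triage can run offline on exported logs. The sample lines inside it are constructed (the table name in the database-error line is made up), and the script assumes a legitimate 'id' is a plain numeric record ID, which the advisory does not state.

```php
<?php
// cve-2024-12607-triage.php: offline triage of log lines for the mj_smgt_show_event_task
// injection point. Example code written for this advisory, not part of the plugin or vendor.
// Usage: php cve-2024-12607-triage.php /var/log/nginx/access.log wp-content/debug.log
// Without arguments it runs over the constructed sample lines below.

const TARGET_ACTION = 'mj_smgt_show_event_task';

// Constructed sample lines (not real traffic). The table name in the last line is made up.
const SAMPLE_LINES = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=mj_smgt_show_event_task&id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2025:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=mj_smgt_show_event_task&id=42%27%20UNION%20SELECT%20user_login%2Cuser_pass%2C3%20FROM%20wp_users--%20- HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/Jan/2025:10:00:12 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
    "[10-Jan-2025 10:00:09 UTC] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 for query SELECT * FROM wp_example_event_task WHERE id = 42' made by do_action('wp_ajax_mj_smgt_show_event_task')",
];

// Reasons an id value looks like an injection attempt. The first check assumes a legitimate id
// is a plain numeric record ID (an assumption, not something the advisory states); drop it if
// the plugin uses another id format.
function suspicious_id_reasons(string $id): array {
    $reasons = [];
    if (!preg_match('/^\d+$/', $id)) {
        $reasons[] = 'id is missing or not a plain number';
    }
    if (preg_match('~[\'"`]|--|/\*|#~', $id)) {
        $reasons[] = 'quote or SQL comment sequence';
    }
    if (preg_match('/\b(union|select|sleep|benchmark|information_schema|load_file)\b/i', $id)) {
        $reasons[] = 'SQL keyword';
    }
    return $reasons;
}

// Returns a finding for one log line, or null when the line is not of interest.
function triage_line(string $line): ?array {
    // Web-server access log: only the request line and query string are recorded, so a POSTed
    // action is invisible here (the third sample line). parse_str() URL-decodes the values once,
    // which is what admin-ajax.php sees.
    if (preg_match('~"(GET|POST) (\S+) HTTP/[\d.]+"~', $line, $m)) {
        $url = parse_url($m[2]);
        if (($url['path'] ?? '') !== '/wp-admin/admin-ajax.php') {
            return null;
        }
        parse_str($url['query'] ?? '', $params);
        if (($params['action'] ?? '') !== TARGET_ACTION) {
            return null;
        }
        $id = $params['id'] ?? '';
        if (!is_string($id)) {
            $id = '[array]';
        }
        $reasons = suspicious_id_reasons($id);
        return $reasons ? ['kind' => 'request', 'method' => $m[1], 'id' => $id, 'reasons' => $reasons] : null;
    }
    // WordPress debug.log: $wpdb appends the calling hook to its error message, so a syntax
    // error raised inside this action is a strong sign someone probed the injection point.
    if (strpos($line, 'WordPress database error') !== false && strpos($line, TARGET_ACTION) !== false) {
        return ['kind' => 'db-error', 'method' => '-', 'id' => '-', 'reasons' => ['SQL error raised inside the vulnerable handler']];
    }
    return null;
}

function triage(iterable $lines): array {
    $findings = [];
    foreach ($lines as $i => $line) {
        $f = triage_line(rtrim($line, "\r\n"));
        if ($f !== null) {
            $f['entry'] = $i + 1;
            $findings[] = $f;
        }
    }
    return $findings;
}

$lines = [];
if ($argc > 1) {
    foreach (array_slice($argv, 1) as $path) {
        $lines = array_merge($lines, file($path, FILE_IGNORE_NEW_LINES) ?: []);
    }
} else {
    $lines = SAMPLE_LINES;
}

foreach (triage($lines) as $f) {
    printf("entry %d [%s %s] id=%s: %s\n", $f['entry'], $f['kind'], $f['method'], $f['id'], implode('; ', $f['reasons']));
}
```

On the constructed samples the script reports the second entry (a UNION SELECT against wp_users in the id) and the fourth (the database error from the handler) and stays silent on the first (a numeric id) and the third, which is the POST case that access logs cannot reveal; that silent third line is the reason to also collect an application-level log of the action's 'id' values.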