CVE-2024-12635

6.5 MEDIUM

📋 TL;DR

The WP Docs WordPress plugin contains a time-based SQL injection vulnerability in the 'dir_id' parameter that allows authenticated attackers with Subscriber-level access or higher to extract sensitive database information. The vulnerability affects all versions up to and including 2.2.0 due to insufficient input sanitization and lack of prepared statements. Attackers can exploit this to steal sensitive data including user credentials, configuration details, and other database contents.

💻 Affected Systems

Products:
  • WP Docs WordPress Plugin
Versions: All versions up to and including 2.2.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access (Subscriber-level or higher). The vulnerability was only partially patched in version 2.2.0.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to credential theft, sensitive data exfiltration, privilege escalation, and potential site takeover.

🟠 Likely Case

Extraction of sensitive user data, configuration information, and potentially authentication credentials from the database.

🟢 If Mitigated

Limited data exposure if proper input validation and prepared statements are implemented, with minimal impact on site functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but uses standard SQL injection techniques. Time-based attacks make detection more difficult.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: A version later than 2.2.0 (check for the latest update)

Vendor Advisory: https://plugins.trac.wordpress.org/browser/wp-docs

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find WP Docs plugin
4. Click 'Update Now' if update available
5. If no update available, deactivate and remove plugin
6. Check for updated version on WordPress plugin repository

🔧 Temporary Workarounds

Disable WP Docs Plugin (all platforms)

Temporarily disable the vulnerable plugin until a patched version is available:

wp plugin deactivate wp-docs

Restrict User Registration (all platforms)

Temporarily disable new user registration to limit the attack surface. The statement below assumes the default wp_ table prefix:

UPDATE wp_options SET option_value = '0' WHERE option_name = 'users_can_register';

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) with SQL injection rules
  • Restrict plugin access to trusted IP addresses only

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins and check the WP Docs version. If the version is 2.2.0 or earlier, you are vulnerable.

Check Version:

wp plugin get wp-docs --field=version

Verify Fix Applied:

Verify WP Docs plugin version is higher than 2.2.0 and check plugin changelog for SQL injection fixes.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries with time delays
  • Multiple failed authentication attempts followed by SQL queries
  • Abnormal 'dir_id' parameter values in requests

Network Indicators:

  • Repeated requests with varying 'dir_id' parameters
  • Requests with SQL syntax in parameters
  • Unusual timing patterns in responses

SIEM Query:

source="web_logs" AND ("dir_id" AND (SLEEP OR WAITFOR OR BENCHMARK))
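
The log and network indicators above can also be checked offline against web server access logs. The following is an added example, not part of the original advisory or the plugin's code: it flags requests whose 'dir_id' value is not a plain integer or contains one of the time-delay keywords from the SIEM query. The log lines, the /example path and the assumption that a legitimate dir_id is a non-negative integer are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Time-delay keywords taken from the advisory's SIEM query.
TIME_KEYWORDS = re.compile(r"\b(sleep|waitfor|benchmark)\b", re.I)
# Combined Log Format: client IP ... "METHOD target PROTOCOL"
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*"')

def classify_dir_id(value):
    """Classify one dir_id value (already URL-decoded once by parse_qs)."""
    value = unquote(value)  # second pass catches double URL-encoding
    if TIME_KEYWORDS.search(value):
        return "time_keyword"
    # Assumption: a legitimate dir_id is a plain non-negative integer.
    return "ok" if re.fullmatch(r"\d+", value) else "non_numeric"

def scan(lines):
    """Return (findings, per-client count of suspicious dir_id requests)."""
    findings, per_ip = [], Counter()
    for line_no, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for raw in query.get("dir_id", []):
            verdict = classify_dir_id(raw)
            if verdict != "ok":
                findings.append((line_no, m["ip"], verdict))
                per_ip[m["ip"]] += 1
    return findings, per_ip

# Constructed sample lines (documentation IP ranges, hypothetical /example path).
SAMPLE = [
    '203.0.113.7 - alice [10/Jan/2025:10:00:01 +0000] "GET /example?dir_id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - bob [10/Jan/2025:10:00:05 +0000] "GET /example?dir_id=12%20AND%20SLEEP(5) HTTP/1.1" 200 512',
    '203.0.113.9 - bob [10/Jan/2025:10:00:12 +0000] "GET /example?dir_id=12%2527 HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Jan/2025:10:00:20 +0000] "GET /example?page=2 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    findings, per_ip = scan(SAMPLE)
    for line_no, ip, verdict in findings:
        print(f"line {line_no}: {ip} dir_id flagged as {verdict}")
    print("suspicious requests per client:", dict(per_ip))
```

Access logs normally record only the query string, so a 'dir_id' sent in a POST body will not appear here; the same classification can be applied at a WAF or in application-level request logging.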
