CVE-2024-13321 – The AnalyticsWP WordPress plugin contains an SQ... (How to Fix)

Q: What is the severity of CVE-2024-13321?

CVE-2024-13321 has a CVSS score of 7.5 (HIGH). The AnalyticsWP WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries. This can lead to extraction of sensitive data from the database, including user credentials and other confidential information. All WordPress sites using AnalyticsWP version 2.0.0 or earlier are affected.

📋 TL;DR

The AnalyticsWP WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries. This can lead to extraction of sensitive data from the database, including user credentials and other confidential information. All WordPress sites using AnalyticsWP version 2.0.0 or earlier are affected.

💻 Affected Systems

Products:

AnalyticsWP WordPress Plugin

Versions: All versions up to and including 2.0.0

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default configuration; no special configuration required for exploitation.

📦 What is this software?

Analyticswp by Analyticswp

View all CVEs affecting Analyticswp →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including extraction of all user credentials, sensitive site data, and potential privilege escalation to full site takeover.

🟠

Likely Case

Data exfiltration of user information, plugin settings, and potentially WordPress configuration details.

🟢

If Mitigated

Limited impact with proper input validation and database user permissions restricting access to sensitive tables.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires no authentication and involves simple SQL injection techniques via the custom_sql parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 2.0.0

Vendor Advisory: https://analyticswp.com/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find AnalyticsWP plugin. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and remove plugin immediately.

🔧 Temporary Workarounds

Disable AnalyticsWP Plugin

all

Temporarily disable the vulnerable plugin until patched version is available

wp plugin deactivate analyticswp

Web Application Firewall Rule

all

Block requests containing SQL injection patterns targeting the custom_sql parameter

🧯 If You Can't Patch

Remove AnalyticsWP plugin completely from the WordPress installation
Implement strict input validation and parameterized queries at application level

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for AnalyticsWP version 2.0.0 or earlier

Check Version:

wp plugin get analyticswp --field=version

Verify Fix Applied:

Confirm AnalyticsWP plugin version is greater than 2.0.0 or plugin is completely removed

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple requests to /wp-admin/admin-ajax.php with custom_sql parameter
Database error messages containing SQL syntax

Network Indicators:

POST requests to admin-ajax.php with SQL keywords in parameters
Unusual database connection patterns from web server

SIEM Query:

source="web_access" AND uri="/wp-admin/admin-ajax.php" AND (param="custom_sql" AND value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "INSERT")

📊 Metadata

CVE ID: CVE-2024-13321

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-89

EPSS Score: 0.23% exploit probability (45.3th percentile)

Published: March 14, 2025

Last Updated: March 21, 2025

🔗 References

https://analyticswp.com/ Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/f6507318-92c0-457c-8c87-2d023428a77f?source=cve Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-13321, you might also want to check these: