CVE-2024-1698
📋 TL;DR
This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites that use the NotificationX plugin. Attackers can extract sensitive information from the database by manipulating the 'type' parameter. All WordPress sites running NotificationX plugin versions up to and including 2.8.2 are affected.
💻 Affected Systems
- NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor
📦 What is this software?
NotificationX by WPDeveloper
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including user credentials, sensitive site data, and potential privilege escalation leading to full site takeover.
Likely Case
Data exfiltration of user information, plugin settings, and potentially WordPress configuration details.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only allowing data reading without modification.
🎯 Exploit Status
SQL injection via the 'type' parameter is straightforward to exploit with common SQL injection tools.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.8.3 and later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3040809/notificationx
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the NotificationX plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.8.3+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable NotificationX Plugin
Temporarily disable the vulnerable plugin until it can be patched.
wp plugin deactivate notificationx
Web Application Firewall Rule
Block SQL injection patterns targeting the 'type' parameter.
Add a WAF rule that blocks requests whose 'type' parameter contains SQL injection patterns.
🧯 If You Can't Patch
- Implement strict input validation for all user-supplied parameters
- Deploy web application firewall with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
In the WordPress admin panel, go to Plugins and check the NotificationX version. If the version is 2.8.2 or lower, the site is vulnerable.
Check Version:
wp plugin get notificationx --field=version
Verify Fix Applied:
Confirm that the NotificationX plugin version shown in the WordPress admin panel is 2.8.3 or higher.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple requests with SQL patterns in 'type' parameter
- HTTP 429 or other error status codes from plugin endpoints
Network Indicators:
- HTTP requests with SQL injection payloads in 'type' parameter
- Unusual traffic patterns to /wp-json/notificationx/ endpoints
SIEM Query:
source="web_server" AND (uri_path="/wp-json/notificationx/*" AND (query_string="*type=*" AND (query_string="*UNION*" OR query_string="*SELECT*" OR query_string="*INSERT*" OR query_string="*DELETE*")))
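The log indicators and the SIEM query above, expressed as a standalone check over web server access logs; this is an added example, not part of the original advisory. It scopes matches to the plugin's REST routes and inspects the percent-decoded 'type' parameter for the same keyword set. The log lines, the /wp-json/notificationx/v1/analytics route and the client addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed "combined"-format access-log lines for illustration; the route
# /wp-json/notificationx/v1/analytics and the client addresses are assumptions.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Feb/2024:12:00:01 +0000] "GET /wp-json/notificationx/v1/analytics?type=views HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Feb/2024:12:00:02 +0000] "GET /wp-json/notificationx/v1/analytics?type=views%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.7 - - [10/Feb/2024:12:00:03 +0000] "GET /wp-json/wp/v2/posts?type=UNION HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2024:12:00:04 +0000] "GET /wp-json/notificationx/v1/analytics?type=selection HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Feb/2024:12:00:05 +0000] "GET /wp-json/notificationx/v1/analytics?type=DELETE HTTP/1.1" 500 0 "-" "python-requests/2.31"
"""

# Source address, timestamp, request target and status of one log entry.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# Same keyword set as the SIEM query, matched as whole words so that
# legitimate values such as "selection" do not trip the rule.
SQL_KEYWORDS = re.compile(r'\b(UNION|SELECT|INSERT|DELETE)\b', re.IGNORECASE)
PLUGIN_PREFIX = "/wp-json/notificationx/"

def inspect_line(line):
    """Return a finding for a request to a NotificationX REST route whose 'type'
    parameter carries a SQL keyword, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.startswith(PLUGIN_PREFIX):
        return None
    # parse_qs percent-decodes values, so encoded payloads are checked in clear text.
    for value in parse_qs(parts.query, keep_blank_values=True).get("type", []):
        hit = SQL_KEYWORDS.search(value)
        if hit:
            return {"src": m.group("src"), "ts": m.group("ts"), "path": parts.path,
                    "keyword": hit.group(1).upper(), "status": int(m.group("status"))}
    return None

def scan_log(text):
    """Scan a whole log; also tally hits per source address, which backs the
    'multiple requests' indicator listed above."""
    findings = [f for f in map(inspect_line, text.splitlines()) if f]
    per_src = {}
    for f in findings:
        per_src[f["src"]] = per_src.get(f["src"], 0) + 1
    return findings, per_src
```

Running `scan_log(SAMPLE_LOG)` flags only the two plugin-route requests carrying UNION and DELETE, both from the same source, while the non-plugin route and the benign value "selection" are left alone.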
🔗 References
- https://plugins.trac.wordpress.org/changeset/3040809/notificationx/trunk/includes/Core/Database.php
- https://plugins.trac.wordpress.org/changeset/3040809/notificationx/trunk/includes/Core/Rest/Analytics.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e110ea99-e2fa-4558-bcf3-942a35af0b91?source=cve
- https://www.vicarius.io/vsociety/posts/decoding-the-unseen-threat-exploiting-cve-2024-1698-unauthenticated-sql-injection-in-notificationx-wordpress-plugin-from-basics-to-breach-a-comprehensive-guide-to-source-code-analysis-and-crafting-the-ultimate-exploit