CVE-2024-21747
📋 TL;DR
This SQL injection vulnerability in the WP ERP WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects all WordPress sites running WP ERP version 1.12.8 or earlier. Successful exploitation could lead to data theft, modification, or deletion.
💻 Affected Systems
- weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
📦 What is this software?
WP ERP by weDevs
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including sensitive HR, CRM, and accounting data exfiltration, privilege escalation to administrator, and potential site takeover.
Likely Case
Unauthorized access to sensitive business data (employee records, customer information, financial data), data manipulation, and potential credential theft.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only read access to non-sensitive data.
🎯 Exploit Status
SQL injection vulnerabilities are commonly weaponized. While no public PoC exists, the vulnerability type suggests low exploitation complexity for skilled attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.12.9 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/erp/wordpress-wp-erp-plugin-1-12-8-sql-injection-vulnerability
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'WP ERP' plugin.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 1.12.9+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the WP ERP plugin until it is patched to prevent exploitation.
wp plugin deactivate erp
Web Application Firewall Rules
Implement WAF rules to block SQL injection patterns targeting WP ERP endpoints.
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries at application level
- Restrict database user permissions to minimum required (read-only if possible)
🔍 How to Verify
Check if Vulnerable:
Check WP ERP plugin version in WordPress admin panel under Plugins → Installed Plugins.
Check Version:
wp plugin get erp --field=version
Verify Fix Applied:
Confirm WP ERP plugin version is 1.12.9 or higher after update.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts from single IP
- Unexpected database schema changes
Network Indicators:
- HTTP requests with SQL syntax in parameters to WP ERP endpoints
- Unusual outbound database connections
SIEM Query:
source="web_server" AND (uri="*erp*" AND (param="*SELECT*" OR param="*UNION*" OR param="*OR 1=1*"))
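An added example, not part of this advisory, that applies the same keyword logic as the SIEM query above to web-server access-log lines in Python. It URL-decodes the query string before matching, which the literal SIEM wildcards do not, so encoded payloads are not missed; the log lines and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2024:10:00:01 +0000] "GET /wp-admin/admin.php?page=erp-hr&id=12 HTTP/1.1" 200 5123
203.0.113.11 - - [01/Mar/2024:10:00:02 +0000] "GET /wp-admin/admin.php?page=erp-crm&id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 812
203.0.113.12 - - [01/Mar/2024:10:00:03 +0000] "GET /blog/?s=select+a+theme HTTP/1.1" 200 9000
203.0.113.13 - - [01/Mar/2024:10:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=erp_list&status=1'+OR+1=1-- HTTP/1.1" 200 600
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Same keyword set as the SIEM query (SELECT, UNION, OR 1=1), matched on decoded values.
SQL_PATTERNS = re.compile(r"\bSELECT\b|\bUNION\b|\bOR\s+1\s*=\s*1\b", re.IGNORECASE)


def parse_line(line):
    """Split one access-log line into ip, path, decoded query params and status."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    params = parse_qsl(parts.query, keep_blank_values=True)  # first URL-decode pass
    return {"ip": m.group("ip"), "path": parts.path, "params": params, "status": m.group("status")}


def is_suspicious(rec):
    """True when the request targets a WP ERP endpoint and a parameter carries SQL syntax."""
    # Scope like uri="*erp*": the path itself, or the WordPress 'page'/'action' selector.
    scope = [rec["path"]] + [v for k, v in rec["params"] if k in ("page", "action")]
    if not any("erp" in s.lower() for s in scope):
        return False
    # Second unquote_plus pass also catches double-encoded values.
    return any(SQL_PATTERNS.search(unquote_plus(v)) for _, v in rec["params"])


def scan(log_text):
    """Return the client IPs of every line that matches the detection rule."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            hits.append(rec["ip"])
    return hits


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))  # prints ['203.0.113.11', '203.0.113.13']
```

The non-ERP search request containing "select" is deliberately not flagged, which is the main source of noise when the keyword rule is run without the endpoint scope.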