CVE-2024-3067
📋 TL;DR
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL injection via the 'id' parameter. This allows authenticated attackers with administrator access to execute arbitrary SQL queries and extract sensitive database information, and unauthenticated attackers can inject malicious web scripts. All WordPress sites running this plugin at version 2.4.2 or earlier are affected.
💻 Affected Systems
- WooCommerce Google Feed Manager (WordPress plugin)
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including user credentials, payment information, and site takeover through privilege escalation or remote code execution.
Likely Case
Data exfiltration of sensitive information like user data, product information, and configuration details.
If Mitigated
Limited impact with proper input validation, parameterized queries, and least privilege access controls in place.
🎯 Exploit Status
SQL injection vulnerabilities are commonly exploited. The 'id' parameter manipulation is straightforward for attackers with basic SQL knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.3 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'WooCommerce Google Feed Manager'.
4. Click 'Update Now' if available, or download version 2.4.3+ from the WordPress plugin repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily disable the WooCommerce Google Feed Manager plugin until patched
wp plugin deactivate wp-product-feed-manager
Web Application Firewall rule
Block SQL injection patterns targeting the 'id' parameter
Modify WAF to block requests with SQL patterns in 'id' parameter
🧯 If You Can't Patch
- Implement strict input validation and sanitization for all user inputs
- Apply principle of least privilege to database user accounts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for WooCommerce Google Feed Manager version 2.4.2 or lower
Check Version:
wp plugin get wp-product-feed-manager --field=version
Verify Fix Applied:
Confirm plugin version is 2.4.3 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts followed by successful admin access
- Unexpected database schema changes
Network Indicators:
- HTTP requests with SQL injection patterns in 'id' parameter
- Unusual outbound database connections
SIEM Query (assumes the 'id' query-string parameter has been extracted into a field named id; matching every request that merely has an id parameter would flood the alert, so only the injection patterns are matched):
source="web_logs" AND (id LIKE "%'%" OR id LIKE "%--%" OR id LIKE "%UNION%" OR id LIKE "%SELECT%")
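The same detection logic as the SIEM query, run over web-server access logs, as an added example that is not part of this advisory or the plugin. The log lines, IP addresses and the admin page path are constructed for illustration; the request target is decoded twice so that double-encoded values in the 'id' parameter are not missed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# The indicators named in the SIEM query: quote, comment sequence, UNION/SELECT keywords.
SQLI_PATTERNS = [
    ("single_quote", re.compile(r"'")),
    ("sql_comment", re.compile(r"--|/\*|#")),
    ("union_select", re.compile(r"\b(union|select)\b", re.IGNORECASE)),
]

# Common/combined access-log format: client, identity, user, [timestamp], "METHOD target PROTO", status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample lines; the admin page path is a placeholder, not the plugin's real route.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2024:10:01:02 +0000] "GET /wp-admin/admin.php?page=feed-editor&id=12 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Mar/2024:10:01:09 +0000] "GET /wp-admin/admin.php?page=feed-editor&id=12%27%20UNION%20SELECT%201--%20- HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Mar/2024:10:02:00 +0000] "GET /wp-admin/admin.php?page=feed-editor&id=12%2527 HTTP/1.1" 500 312',
    '198.51.100.7 - - [10/Mar/2024:10:02:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]


def id_param_findings(target):
    """Return the names of the SQLi patterns matched by the 'id' parameter of a request target."""
    findings = []
    # parse_qs percent-decodes once; the extra unquote() catches double-encoded payloads.
    for raw in parse_qs(urlsplit(target).query, keep_blank_values=True).get("id", []):
        value = unquote(raw)
        findings.extend(name for name, pat in SQLI_PATTERNS if pat.search(value))
    return sorted(set(findings))


def scan_log(lines):
    """Return (client_ip, target, findings) for every line whose 'id' parameter looks injected."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than silently trusting them
        findings = id_param_findings(m.group("target"))
        if findings:
            hits.append((m.group("ip"), m.group("target"), findings))
    return hits


if __name__ == "__main__":
    for ip, target, findings in scan_log(SAMPLE_LOG):
        print(f"{ip} {target} -> {', '.join(findings)}")
```

The bare-keyword rules will also fire on legitimate values that happen to contain "select", so treat hits as leads to triage against the plugin version and the requesting account, not as confirmed exploitation.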
🔗 References
- https://plugins.trac.wordpress.org/browser/wp-product-feed-manager/trunk/includes/user-interface/class-wppfm-feed-editor-page.php#L34
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3070663%40wp-product-feed-manager&new=3070663%40wp-product-feed-manager&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/37bfb60d-8e2d-4c77-880c-3d17a6a434b8?source=cve