CVE-2024-4443
📋 TL;DR
This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks on WordPress sites using the Business Directory Plugin. Attackers can extract sensitive information from the database by manipulating the 'listingfields' parameter. All WordPress sites running a version of this plugin older than the fixed release (6.4.3) are affected.
💻 Affected Systems
- Business Directory Plugin – Easy Listing Directories for WordPress
📦 What is this software?
Business Directory by Businessdirectoryplugin
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including user credentials, sensitive business data, and potential privilege escalation leading to full site takeover.
Likely Case
Extraction of sensitive data including user information, plugin settings, and potentially WordPress configuration details.
If Mitigated
Limited information disclosure if database permissions are properly restricted and sensitive data is encrypted.
🎯 Exploit Status
Time-based SQL injection requires more sophisticated exploitation but is well-documented and tools exist for automation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.4.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3089626/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Business Directory Plugin'.
4. Click 'Update Now' if available.
5. Alternatively, download version 6.4.3+ from WordPress.org and update manually.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until it is patched:
wp plugin deactivate business-directory-plugin
Web Application Firewall Rule
Block requests in which the listingfields parameter contains SQL injection patterns (in particular the time-based keywords SLEEP, BENCHMARK and WAITFOR).
🧯 If You Can't Patch
- Implement strict WAF rules to block SQL injection patterns
- Restrict database user permissions to limit potential damage from successful exploitation
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins → Installed Plugins
Check Version:
wp plugin get business-directory-plugin --field=version
Verify Fix Applied:
Verify plugin version is 6.4.3 or higher after update
📡 Detection & Monitoring
Log Indicators:
- Unusual database query patterns
- Multiple requests with 'listingfields' parameter containing SQL keywords
- Long response times from specific plugin endpoints
Network Indicators:
- HTTP requests with SQL injection payloads in GET/POST parameters
- Repeated requests to plugin endpoints with timing variations
SIEM Query:
source="web_logs" AND (uri_path="*business-directory*" OR user_agent="*sqlmap*") AND (query_string="*listingfields*" AND (query_string="*SLEEP*" OR query_string="*BENCHMARK*" OR query_string="*WAITFOR*"))
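The log indicators above, turned into a small log scanner as an added example (not part of the advisory or the plugin). It reads combined-format access-log lines with an appended response time in milliseconds, flags any 'listingfields' value that carries a time-based SQL keyword, an sqlmap user agent, or a slow response on a request that carried the parameter, and groups findings by source IP. The log lines, the 3000 ms threshold and the URI paths are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format plus a trailing response-time field in ms (assumed log layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" (?P<ms>\d+)$'
)
# Keywords named in the advisory's SIEM query; \b avoids matching words like "sleeping".
TIME_SQL_RE = re.compile(r'\b(SLEEP|BENCHMARK|WAITFOR)\b', re.IGNORECASE)
SLOW_MS = 3000  # assumption: anything slower than this on a listingfields request is worth a look

# Constructed sample log lines (not real traffic): benign, two suspicious, benign, false-positive bait.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /business-directory/?listingfields[0]=5 HTTP/1.1" 200 8123 "-" "Mozilla/5.0" 120
203.0.113.5 - - [10/Jun/2024:12:00:03 +0000] "GET /business-directory/?listingfields[0]=5%20SLEEP(5) HTTP/1.1" 200 8123 "-" "Mozilla/5.0" 5140
198.51.100.7 - - [10/Jun/2024:12:00:04 +0000] "GET /business-directory/?listingfields=1%20BENCHMARK(1,1) HTTP/1.1" 200 512 "-" "sqlmap/1.8" 4900
192.0.2.9 - - [10/Jun/2024:12:00:05 +0000] "GET /business-directory/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0" 90
192.0.2.9 - - [10/Jun/2024:12:00:06 +0000] "GET /business-directory/?listingfields[0]=sleeping+bags HTTP/1.1" 200 8500 "-" "Mozilla/5.0" 110
"""

def listingfields_values(uri):
    """Decoded values of every query parameter whose name starts with 'listingfields' (incl. listingfields[0])."""
    qs = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    return [v for key, vals in qs.items() if key.startswith("listingfields") for v in vals]

def analyze_line(line):
    """Indicator names for one access-log line; an empty list means nothing suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return []
    reasons = []
    values = listingfields_values(m["uri"])
    if any(TIME_SQL_RE.search(v) for v in values):
        reasons.append("time-based-sql-keyword-in-listingfields")
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap-user-agent")
    if values and int(m["ms"]) >= SLOW_MS:
        reasons.append("slow-response-with-listingfields")
    return reasons

def scan(log_text):
    """Map each flagged source IP to the set of indicators observed for it."""
    findings = {}
    for line in log_text.splitlines():
        reasons = analyze_line(line)
        if reasons:
            findings.setdefault(LOG_RE.match(line)["ip"], set()).update(reasons)
    return findings

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG).items():
        print(ip, sorted(reasons))
```

Slow responses alone are a weak signal on a busy site; treat them as corroboration for the keyword or user-agent hits rather than as an alert on their own.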
🔗 References
- https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/fields/class-fieldtypes-select.php#L110
- https://plugins.trac.wordpress.org/changeset/3089626/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/982fb304-08d6-4195-97a3-f18e94295492?source=cve