CVE-2024-47328 – This SQL injection vulnerability in the FunnelK... (How to Fix)

Q: What is the severity of CVE-2024-47328?

CVE-2024-47328 has a CVSS score of 7.6 (HIGH). This SQL injection vulnerability in the FunnelKit Automation By Autonami WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects all WordPress sites using this plugin from unknown versions through 3.1.2. Successful exploitation could lead to data theft, modification, or deletion.

📋 TL;DR

This SQL injection vulnerability in the FunnelKit Automation By Autonami WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects all WordPress sites using this plugin from unknown versions through 3.1.2. Successful exploitation could lead to data theft, modification, or deletion.

💻 Affected Systems

Products:

FunnelKit Automation By Autonami (WordPress plugin)

Versions: n/a through 3.1.2

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Affects WordPress installations with the vulnerable plugin version installed and activated.

📦 What is this software?

Funnelkit Automations by Funnelkit

View all CVEs affecting Funnelkit Automations →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including sensitive data exfiltration (user credentials, payment info), data destruction, and potential server takeover via subsequent attacks.

🟠

Likely Case

Unauthorized data access and modification, potentially exposing user information, order details, and plugin configuration data.

🟢

If Mitigated

Limited impact due to proper input validation, parameterized queries, and database user privilege restrictions.

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity, especially when unauthenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.3 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'FunnelKit Automation By Autonami'. 4. Click 'Update Now' if update available. 5. Alternatively, download version 3.1.3+ from WordPress repository and manually update.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Temporarily deactivate the plugin until patched

Web Application Firewall (WAF)

all

Implement WAF rules to block SQL injection patterns

🧯 If You Can't Patch

Implement strict input validation and parameterized queries in custom code
Restrict database user permissions to minimum required

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for 'FunnelKit Automation By Autonami' version ≤3.1.2

Check Version:

wp plugin list --name='FunnelKit Automation By Autonami' --field=version (WP-CLI)

Verify Fix Applied:

Confirm plugin version is 3.1.3 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts from single IP
Unexpected plugin file modifications

Network Indicators:

SQL syntax in HTTP parameters
Unusual database connection patterns

SIEM Query:

source="web_server" AND (url="*wp-admin/admin-ajax.php*" OR url="*wp-content/plugins/wp-marketing-automations/*") AND (query="*SELECT*" OR query="*UNION*" OR query="*INSERT*" OR query="*DELETE*")

📊 Metadata

CVE ID: CVE-2024-47328

CVSS v3 Score: 7.6 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

CWE: CWE-89

Published: October 21, 2024

Last Updated: October 24, 2024

🔗 References

https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47328, you might also want to check these: