CVE-2024-4743
📋 TL;DR
This SQL injection vulnerability in the LifterLMS WordPress plugin allows authenticated attackers with Contributor-level access or higher to append their own SQL to an existing query through the 'orderBy' attribute of the lifterlms_favorites shortcode. Because orderBy is a shortcode attribute, the payload lives in post content that any Contributor can save and preview, and it executes when that content is rendered; the result is unauthorized extraction of data from the WordPress database. All WordPress sites running LifterLMS 7.6.2 or earlier are affected; version 7.6.3 fixes the issue.
💻 Affected Systems
- LifterLMS - WordPress LMS Plugin for eLearning
📦 What is this software?
LifterLMS is a learning management system (LMS) plugin for WordPress, developed by LifterLMS, used to build, sell and deliver online courses and memberships.
⚠️ Risk & Real-World Impact
Worst Case
Extraction of the entire WordPress database, including wp_users records and password hashes; a cracked or reused administrator hash yields an administrator login and full site takeover.
Likely Case
Unauthorized read access to user records, course and enrollment data, and password hashes stored in the database.
If Mitigated
Limited impact: an allowlist that maps the orderBy attribute to a fixed set of column names stops the injection. Note that ORDER BY identifiers cannot be passed as bound parameters, so $wpdb->prepare() alone does not cover this value; validation against a fixed list is the control that matters here.
🎯 Exploit Status
Exploitation requires an authenticated account with Contributor-level access or higher (enough to save and preview post content containing the shortcode); no special tooling beyond crafting the attribute value is needed. The vulnerability is publicly documented in the Wordfence advisory referenced below.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.6.3
Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3095706%40lifterlms%2Ftrunk&old=3094820%40lifterlms%2Ftrunk
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find LifterLMS and click 'Update Now'.
4. Verify the installed version is 7.6.3 or higher.
🔧 Temporary Workarounds
Disable vulnerable shortcode
Remove or disable the lifterlms_favorites shortcode on all posts and pages until the plugin is updated. Because the payload is stored in post content, also review existing posts and drafts written by Contributor-level and higher accounts for the shortcode.
Restrict user roles
Temporarily demote or suspend untrusted accounts with Contributor-level access or higher, since the injection requires the ability to save post content, and do not create new Contributor accounts until the patch is applied.
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules that inspect post-save requests (/wp-admin/post.php and /wp-json/wp/v2/posts) for the lifterlms_favorites shortcode with SQL keywords or metacharacters in its orderBy attribute
- Restrict the orderBy attribute to an allowlist of known column names (optionally followed by ASC or DESC) and reject anything else; pattern-based sanitizing is not sufficient for an ORDER BY clause
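The control behind both the allowlist workaround and the vendor fix is the same: an ORDER BY column name cannot be passed through a prepared-statement placeholder, so the only safe handling is mapping the attribute to a fixed set of identifiers. The following is an added illustrative example in Python with sqlite3, not LifterLMS code; the favorites table, its column names, the sample rows and the query are invented stand-ins for the plugin's schema.

```python
import sqlite3

# ASSUMPTION: stand-in table and columns; the real plugin schema is not shown on this page.
SCHEMA = "CREATE TABLE favorites (id INTEGER PRIMARY KEY, title TEXT, created TEXT)"
ROWS = [(1, "Lesson B", "2024-05-02"), (2, "Lesson A", "2024-05-01")]  # constructed sample data

# Allowlist: shortcode-facing name -> real column. Anything not listed is rejected.
ALLOWED_COLUMNS = {"id": "id", "title": "title", "date": "created"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def vulnerable_query(orderby: str) -> str:
    """The bug class: the attribute value is interpolated into the SQL text as-is.
    Placeholders would not help here, because identifiers cannot be bound as parameters."""
    return f"SELECT id, title FROM favorites ORDER BY {orderby}"


def hardened_query(orderby: str) -> str:
    """The fix: accept only '<allowed-name> [ASC|DESC]' and emit the mapped column,
    never the caller's string."""
    parts = orderby.strip().split()
    if len(parts) not in (1, 2):
        raise ValueError(f"orderBy rejected: {orderby!r}")
    column = ALLOWED_COLUMNS.get(parts[0].lower())
    direction = parts[1].upper() if len(parts) == 2 else "ASC"
    if column is None or direction not in ALLOWED_DIRECTIONS:
        raise ValueError(f"orderBy rejected: {orderby!r}")
    return f"SELECT id, title FROM favorites ORDER BY {column} {direction}"


def run(sql: str) -> list:
    """Execute a query against an in-memory copy of the sample table; return the titles in order."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    con.executemany("INSERT INTO favorites VALUES (?, ?, ?)", ROWS)
    return [row[1] for row in con.execute(sql)]


def demo() -> dict:
    """Show the two behaviours side by side on one attacker-controlled value."""
    probe = "title, (SELECT 1)"  # SQL syntax smuggled inside the attribute value
    vulnerable = vulnerable_query(probe)  # the attacker's text lands verbatim in the SQL
    try:
        hardened_query(probe)
        hardened = "accepted"
    except ValueError:
        hardened = "rejected"
    return {
        "vulnerable_sql": vulnerable,
        "hardened": hardened,
        "by_title": run(hardened_query("title")),
        "by_date_desc": run(hardened_query("date DESC")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened form never echoes the caller's string into the query: it looks the name up in the allowlist and emits the mapped identifier, which is the shape a WordPress fix takes regardless of whether the rest of the query goes through $wpdb->prepare().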
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → LifterLMS version. If version is 7.6.2 or lower, you are vulnerable.
Check Version:
wp plugin list --name=lifterlms --field=version
Verify Fix Applied:
Verify LifterLMS plugin version is 7.6.3 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Database errors recorded by WordPress (WP_DEBUG_LOG) or MySQL that reference the favorites query or an ORDER BY syntax error
- New or recently created accounts with Contributor-level access or higher saving or previewing posts that contain the lifterlms_favorites shortcode
- Saved post content (wp_posts, including revisions and autosaves) in which the shortcode's orderBy attribute contains quotes, parentheses, commas, comment markers or SQL keywords
Network Indicators:
- POST requests to /wp-admin/post.php or /wp-json/wp/v2/posts (post save, autosave or preview) whose body contains [lifterlms_favorites with an orderBy value holding SQL keywords or metacharacters
- Repeated requests for the same post or preview page by a low-privilege user in quick succession, consistent with iterative extraction through a stored payload
SIEM Query:
SELECT * FROM web_logs WHERE method = 'POST' AND (url LIKE '%/wp-admin/post.php%' OR url LIKE '%/wp-json/wp/v2/posts%') AND request_body LIKE '%lifterlms_favorites%' AND (request_body LIKE '%UNION%' OR request_body LIKE '%SELECT%' OR request_body LIKE '%FROM%')
Note: the shortcode and its orderBy value travel in the saved post content, not in the request URL, so this query only works where request bodies are logged. Where they are not, search the wp_posts table directly for the shortcode and inspect the attribute.
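Because the attribute value is stored in post content, the practical detection is to scan either the saved posts or the post-save requests for the shortcode and inspect its orderBy value. The script below is an added example (not Wordfence or LifterLMS code) that does both over constructed sample records. It assumes that a legitimate value is a single column name optionally followed by ASC or DESC, matches the attribute name case-insensitively (WordPress lowercases shortcode attribute names when parsing), and expects the classic editor to post the content in a form field named content while the REST API sends it as the JSON content field (a string or an object with a raw key).

```python
import json
import re
from urllib.parse import parse_qs, quote_plus

# The shortcode and everything up to its closing bracket.
SHORTCODE_RE = re.compile(r"\[lifterlms_favorites\b([^\]]*)\]", re.IGNORECASE)
# orderBy="..." | orderBy='...' | orderBy=bare  (attribute name matched case-insensitively)
ORDERBY_RE = re.compile(r"""orderby\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))""", re.IGNORECASE)
# ASSUMPTION: a legitimate value is an identifier-like token with an optional direction.
BENIGN_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(\s+(ASC|DESC))?$", re.IGNORECASE)


def suspicious_orderby_values(content):
    """Return every orderBy value in the shortcode occurrences of `content` that falls
    outside the benign pattern; quotes, commas, parentheses, comment markers and extra
    tokens all land here. Empty values are ignored."""
    hits = []
    for shortcode in SHORTCODE_RE.finditer(content):
        for attr in ORDERBY_RE.finditer(shortcode.group(1)):
            value = next(v for v in attr.groups() if v is not None).strip()
            if value and not BENIGN_RE.match(value):
                hits.append(value)
    return hits


def content_from_request(method, url, body):
    """Pull the post content out of a post-save request, or None if this is not one."""
    if method.upper() != "POST":
        return None
    if "/wp-admin/post.php" in url:  # classic editor: form-encoded 'content' field
        return parse_qs(body).get("content", [None])[0]
    if "/wp-json/wp/v2/posts" in url:  # block editor / REST: JSON 'content' field
        try:
            field = json.loads(body).get("content")
        except (ValueError, AttributeError):
            return None
        return field.get("raw") if isinstance(field, dict) else field
    return None


def scan_requests(records):
    """records: iterable of (user, method, url, body). Returns (user, url, value) alerts."""
    alerts = []
    for user, method, url, body in records:
        content = content_from_request(method, url, body)
        if content:
            alerts.extend((user, url, v) for v in suspicious_orderby_values(content))
    return alerts


def scan_posts(rows):
    """rows: iterable of (post_id, post_author, post_content), for example exported with
    `wp post list --fields=ID,post_author,post_content --format=json`."""
    return [(pid, author, v) for pid, author, content in rows
            for v in suspicious_orderby_values(content or "")]


# Constructed sample records, not real traffic or real site content.
SAMPLE_REQUESTS = [
    ("contrib_a", "POST", "/wp-admin/post.php",
     "action=editpost&post_ID=42&content=" + quote_plus('[lifterlms_favorites orderBy="date DESC"]')),
    ("contrib_b", "POST", "/wp-json/wp/v2/posts",
     json.dumps({"title": "x", "content": '[lifterlms_favorites orderBy="date,(SELECT 1)"]'})),
    ("editor", "GET", "/wp-admin/post.php?post=42&action=edit", ""),
]
SAMPLE_POSTS = [
    (42, 3, "<!-- wp:shortcode -->[lifterlms_favorites orderBy='title']<!-- /wp:shortcode -->"),
    (43, 7, "[lifterlms_favorites orderby=\"title'--\"]"),
]

if __name__ == "__main__":
    for alert in scan_requests(SAMPLE_REQUESTS) + scan_posts(SAMPLE_POSTS):
        print("ALERT", alert)
```

Run the post scan against all post types and statuses (drafts, autosaves and revisions included), since a Contributor never needs to publish for the shortcode to render in a preview. A flagged value is a strong signal regardless of which SQL keywords it contains, which is why the check is an allowlist on the value's shape rather than a keyword blocklist.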
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3095706%40lifterlms%2Ftrunk&old=3094820%40lifterlms%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7e3a1e3c-eba0-4ef4-bcb8-929799bb56a8?source=cve