CVE-2024-6205 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2024-6205?

CVE-2024-6205 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the PayPlus Payment Gateway plugin before version 6.6.9. The SQL injection occurs via a WooCommerce API endpoint that doesn't properly sanitize user input. Any WordPress site with the vulnerable plugin version is affected.

📋 TL;DR

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the PayPlus Payment Gateway plugin before version 6.6.9. The SQL injection occurs via a WooCommerce API endpoint that doesn't properly sanitize user input. Any WordPress site with the vulnerable plugin version is affected.

💻 Affected Systems

Products:

PayPlus Payment Gateway WordPress plugin

Versions: All versions before 6.6.9

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WooCommerce to be installed and the vulnerable API route to be accessible.

📦 What is this software?

Payplus Payment Gateway by Payplus

View all CVEs affecting Payplus Payment Gateway →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, privilege escalation, remote code execution, and full site takeover.

🟠

Likely Case

Database information disclosure, including sensitive payment data, user credentials, and site configuration.

🟢

If Mitigated

Limited impact if proper WAF rules block SQL injection patterns and database permissions are restricted.

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection via unauthenticated API endpoint makes exploitation trivial for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.6.9

Vendor Advisory: https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find PayPlus Payment Gateway. 4. Click 'Update Now' if available. 5. Alternatively, download version 6.6.9+ from WordPress repository and manually update.

🔧 Temporary Workarounds

Disable vulnerable API endpoint

all

Temporarily disable the WooCommerce API route used in the exploit

Add to wp-config.php: define('DISABLE_WOOCOMMERCE_API', true);

Web Application Firewall rule

all

Block SQL injection patterns targeting the vulnerable endpoint

WAF-specific rules to block SQL injection patterns in API requests

🧯 If You Can't Patch

Disable the PayPlus Payment Gateway plugin immediately
Implement strict network controls to limit access to the WooCommerce API

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → PayPlus Payment Gateway version number

Check Version:

wp plugin list --name='PayPlus Payment Gateway' --field=version

Verify Fix Applied:

Confirm plugin version is 6.6.9 or higher

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed API requests with SQL syntax
Unexpected database errors

Network Indicators:

HTTP POST requests to /wp-json/wc/v3/ endpoints with SQL payloads
Unusual traffic patterns to WooCommerce API

SIEM Query:

source="web_logs" AND (uri="*wc/v3*" AND (request_body="*SELECT*" OR request_body="*UNION*" OR request_body="*OR 1=1*"))

📊 Metadata

CVE ID: CVE-2024-6205

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: July 19, 2024

Last Updated: November 21, 2024

🔗 References

https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/ Exploit,Third Party Advisory
https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-6205, you might also want to check these: