CVE-2024-6809

9.8 CRITICAL

📋 TL;DR

CVE-2024-6809 is a critical SQL injection vulnerability in the Simple Video Directory WordPress plugin that allows unauthenticated attackers to execute arbitrary SQL commands. This affects WordPress sites running vulnerable plugin versions, potentially compromising the entire database. Attackers can exploit this remotely without any authentication.

💻 Affected Systems

Products:
  • Simple Video Directory WordPress Plugin
Versions: All versions before 1.4.3
Operating Systems: All platforms running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default plugin configuration and requires no special setup to be exploitable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, privilege escalation, remote code execution via database functions, and full site takeover.

🟠 Likely Case: Database information disclosure, user credential extraction, and potential administrative access to WordPress.

🟢 If Mitigated: Limited impact if proper WAF rules block SQL injection patterns and database permissions are restricted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward via crafted HTTP requests to vulnerable AJAX endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.3

Vendor Advisory: https://wpscan.com/vulnerability/60abcae5-4c89-4d48-95f8-6a80e5f06a37/

Restart Required: No

Instructions:

1. Log into WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Simple Video Directory plugin.
4. Click 'Update Now' if update available.
5. If no update appears, manually download version 1.4.3 from WordPress repository and replace plugin files.

🔧 Temporary Workarounds

Disable vulnerable AJAX endpoint (linux)

Block access to the vulnerable AJAX action via .htaccess or web server configuration

# Add to .htaccess:
# This condition inspects the query string only; an action sent in a POST body is not matched.
RewriteEngine On
RewriteCond %{QUERY_STRING} action=simple_video_directory_ajax [NC]
RewriteRule ^ - [F]

Web Application Firewall rule (all)

Implement WAF rules to block SQL injection patterns targeting the vulnerable parameter

🧯 If You Can't Patch

  • Disable or remove the Simple Video Directory plugin entirely
  • Implement strict network segmentation and limit external access to affected WordPress instances

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins and check the Simple Video Directory version number. If the version is below 1.4.3, the system is vulnerable.

Check Version:

wp plugin list --name=simple-video-directory --field=version

Verify Fix Applied:

Confirm plugin version is 1.4.3 or higher in WordPress admin panel. Test vulnerable AJAX endpoint with safe payload to ensure sanitization is working.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in WordPress debug logs
  • Multiple POST requests to /wp-admin/admin-ajax.php with SQL keywords
  • Unexpected database queries from web server process

Network Indicators:

  • HTTP POST requests containing SQL injection payloads to admin-ajax.php
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND (request_body CONTAINS "UNION" OR request_body CONTAINS "SELECT" OR request_body CONTAINS "INSERT")
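
An added example (not part of the original advisory or the plugin's code) of the log indicator and SIEM query above: it flags sources that send multiple POST requests to admin-ajax.php whose URL-decoded body contains the query's keywords. The JSON-lines record format, its field names, and the action and parameter names in the sample data are assumptions constructed for illustration.

```python
import json
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample records, one JSON object per line. Field names follow the
# SIEM query above; the action and parameter names are placeholders.
SAMPLE_LOG = """\
{"src_ip": "198.51.100.7", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "request_body": "action=example_action&q=1%20UnIoN%20SeLeCt%201"}
{"src_ip": "198.51.100.7", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "request_body": "action=example_action&q=1%2520union%2520select%25202"}
{"src_ip": "203.0.113.5", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "request_body": "action=heartbeat&data=selected_items"}
{"src_ip": "203.0.113.9", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "request_body": "action=example_action&q=insert+coin"}
{"src_ip": "203.0.113.9", "method": "GET", "uri": "/wp-admin/admin-ajax.php?action=example_action", "request_body": ""}
"""

AJAX_PATH = "/wp-admin/admin-ajax.php"
# Same keywords as the SIEM query, matched as whole words and case-insensitively.
SQL_KEYWORDS = re.compile(r"\b(union|select|insert)\b", re.IGNORECASE)


def decode(body, rounds=2):
    """URL-decode up to `rounds` times so double-encoded keywords are visible."""
    for _ in range(rounds):
        decoded = unquote_plus(body)
        if decoded == body:
            break
        body = decoded
    return body


def suspicious_sources(log_text, threshold=2):
    """Return {src_ip: hit_count} for sources with >= threshold matching POSTs."""
    hits = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("method") != "POST":
            continue
        if rec.get("uri", "").split("?", 1)[0] != AJAX_PATH:
            continue
        if SQL_KEYWORDS.search(decode(rec.get("request_body", ""))):
            hits[rec.get("src_ip", "unknown")] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_LOG))
```

Whole-word matching keeps ordinary values such as "selected_items" from firing, and the per-source threshold keeps a single benign hit such as "insert coin" out of the result.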
