CVE-2024-7854
📋 TL;DR
The Woo Inquiry WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries. This can lead to complete database compromise including extraction of sensitive data like user credentials, payment information, and site content. All WordPress sites using Woo Inquiry version 0.1 or earlier are affected.
💻 Affected Systems
- Woo Inquiry WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database takeover allowing attackers to steal all stored data, modify/delete content, create administrative users, and potentially achieve remote code execution through database functions.
Likely Case
Attackers extract sensitive user data (passwords, emails, personal information), modify site content, or install backdoors for persistent access.
If Mitigated
Limited information disclosure from non-sensitive tables if proper input validation and WAF rules are in place.
🎯 Exploit Status
SQL injection via the 'dbid' parameter requires minimal technical skill. Public exploit code is available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any release after 0.1
Vendor Advisory: https://plugins.trac.wordpress.org/browser/woo-inquiry/trunk/includes/functions.php?rev=2088873#L307
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Locate 'Woo Inquiry' plugin
4. Click 'Update Now' if update available
5. If no update available, deactivate and delete the plugin immediately
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rule
Block SQL injection attempts targeting the 'dbid' parameter
WAF-specific configuration required
Plugin Deactivation
Temporarily disable the vulnerable plugin
wp plugin deactivate woo-inquiry
🧯 If You Can't Patch
- Immediately deactivate and remove the Woo Inquiry plugin from all WordPress installations
- Implement strict WAF rules to block SQL injection patterns and monitor for exploitation attempts
🔍 How to Verify
Check if Vulnerable:
In WordPress admin, go to Plugins and check the Woo Inquiry version. If it is 0.1 or earlier, the site is vulnerable.
Check Version:
wp plugin list --name=woo-inquiry --field=version
Verify Fix Applied:
Confirm that the plugin is either updated to a version after 0.1 or removed entirely from the plugins directory.
📡 Detection & Monitoring
Log Indicators:
- Unusual database queries containing UNION SELECT, INFORMATION_SCHEMA, or concatenated SQL statements
- Multiple failed SQL queries originating from a single IP
- Requests to Woo Inquiry endpoints with SQL syntax in parameters
Network Indicators:
- HTTP POST/GET requests containing SQL injection payloads in the 'dbid' parameter
- Unusual traffic patterns to /wp-content/plugins/woo-inquiry/ endpoints
SIEM Query:
source="web_logs" AND (uri_path="*woo-inquiry*" AND (query_string="*dbid=*UNION*" OR query_string="*dbid=*SELECT*" OR query_string="*dbid=*INFORMATION_SCHEMA*"))