CVE-2024-8379
📋 TL;DR
This SQL injection vulnerability in the Cost Calculator Builder WordPress plugin allows authenticated users with Admin role or higher to execute arbitrary SQL commands. Attackers could read, modify, or delete database content, potentially compromising the entire WordPress site. All WordPress installations using vulnerable plugin versions are affected.
💻 Affected Systems
- Cost Calculator Builder WordPress plugin
📦 What is this software?
Cost Calculator Builder by Stylemixthemes
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, site defacement, privilege escalation to WordPress super admin, or full site takeover via webshell deployment.
Likely Case
Data exfiltration of sensitive information (user credentials, payment data, personal information), database corruption, or privilege escalation within WordPress.
If Mitigated
Limited impact if proper network segmentation, database user privilege restrictions, and regular backups are in place, though some data exposure may still occur.
🎯 Exploit Status
Exploitation requires authenticated access with Admin privileges. SQL injection is well-understood with many available tools.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.29
Vendor Advisory: https://wpscan.com/vulnerability/a3463d5a-8215-4958-a6c0-039681c35a50/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Cost Calculator Builder' and check whether the version is below 3.2.29.
4. Click 'Update Now' if available, or manually download version 3.2.29+ from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until patched:
wp plugin deactivate cost-calculator-builder
Database User Privilege Restriction
Limit the WordPress database user to SELECT, INSERT, UPDATE, DELETE only. Note that WordPress core and plugin updates that change the schema (via dbDelta) need CREATE and ALTER, so these privileges may have to be granted back temporarily when applying the patch, and this restriction does not stop data reads through SELECT:
REVOKE DROP, CREATE, ALTER ON wordpress.* FROM 'wpuser'@'localhost';
🧯 If You Can't Patch
- Remove Admin role from untrusted users and implement principle of least privilege
- Implement web application firewall (WAF) with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Cost Calculator Builder version. If version is below 3.2.29, you are vulnerable.
Check Version:
wp plugin get cost-calculator-builder --field=version
Verify Fix Applied:
Verify plugin version shows 3.2.29 or higher in WordPress admin panel.
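The version check above can be scripted so it is repeatable across many sites. The following POSIX shell script is an added example, not part of the advisory or the vendor's tooling: it implements a numeric dot-separated version comparison against the fixed release 3.2.29 and, when run with the argument `live`, queries the installed version with the same `wp plugin get` command shown above. The plugin slug `cost-calculator-builder` is taken from this page; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed
# Cost Calculator Builder version is below the fixed release 3.2.29.
FIXED_VERSION="3.2.29"
PLUGIN_SLUG="cost-calculator-builder"   # slug as used by wp-cli on this page

# version_lt A B -> exit 0 if A < B, comparing dot-separated numeric parts.
# A trailing "-suffix" (e.g. "3.2.29-beta") is ignored for the comparison.
version_lt() {
    a="${1%%-*}"; b="${2%%-*}"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; bh="${b%%.*}"
        # consume the leading component; empty string when nothing remains
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
        ah="${ah:-0}"; bh="${bh:-0}"   # missing components count as 0
        if [ "$ah" -lt "$bh" ]; then return 0; fi
        if [ "$ah" -gt "$bh" ]; then return 1; fi
    done
    return 1   # versions are equal
}

# is_vulnerable_version VERSION -> exit 0 when VERSION is below the fix
is_vulnerable_version() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_installed: read the live version via wp-cli and report.
# Only meaningful on a host with wp-cli and a WordPress install.
check_installed() {
    v=$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null) || {
        echo "plugin $PLUGIN_SLUG not found or wp-cli unavailable"
        return 2
    }
    if is_vulnerable_version "$v"; then
        echo "VULNERABLE: $PLUGIN_SLUG $v is below $FIXED_VERSION"
        return 0
    fi
    echo "OK: $PLUGIN_SLUG $v is at or above $FIXED_VERSION"
    return 1
}

# Run the live check only when invoked as: sh check.sh live
if [ "${1:-}" = "live" ]; then
    check_installed
fi
```

The comparison is done component by component rather than with string comparison, so 3.2.9 is correctly recognised as older than 3.2.29. Running it from the WordPress root with `wp` on the PATH exercises the live path; the `is_vulnerable_version` function can be reused in any fleet-wide inventory script.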
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts followed by successful Admin login
- Unexpected plugin file modifications
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with SQL-like parameters
- Unusual outbound database connections
SIEM Query:
source="wordpress.log" AND "cost-calculator-builder" AND ("admin-ajax" OR "action=update_options")
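As an added example (not part of the advisory), the following POSIX shell script turns the "POST requests to /wp-admin/admin-ajax.php with SQL-like parameters" indicator into a filter that can be run over a web server access log. The four log lines are constructed samples in combined log format, not real traffic; the `action=update_options` parameter is reused from the SIEM query above, and the SQL token list is a generic, deliberately small set of markers chosen for the example.

```shell
#!/bin/sh
# Added example (not from the advisory): flag POST requests to admin-ajax.php
# whose query string carries SQL-like tokens after minimal URL decoding.

# Constructed sample access-log lines (combined format); not real traffic.
SAMPLE_LOG='203.0.113.10 - - [01/Sep/2024:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=update_options&id=5 HTTP/1.1" 200 512
203.0.113.11 - - [01/Sep/2024:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=update_options&id=5%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 2048
203.0.113.12 - - [01/Sep/2024:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12
203.0.113.13 - - [01/Sep/2024:10:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=update_options&id=5%27%20AND%20SLEEP(5)-- HTTP/1.1" 200 512'

# Generic SQL-injection markers (extended regex, matched case-insensitively).
# Kept short on purpose; a production rule set would be broader and tuned.
SQLI_TOKENS='union[[:space:]]+select|sleep[[:space:]]*\(|benchmark[[:space:]]*\(|information_schema'

# url_decode_min: decode only the escapes the token list needs
# (a minimal decoder for the example, not a full RFC 3986 implementation)
url_decode_min() {
    sed -e 's/%20/ /g' -e "s/%27/'/g" -e 's/%28/(/g' -e 's/%29/)/g'
}

# flag_suspicious_ajax: read log lines on stdin, print those that are POSTs
# to admin-ajax.php and contain a SQL-like token after decoding
flag_suspicious_ajax() {
    grep '"POST /wp-admin/admin-ajax.php' \
        | url_decode_min \
        | grep -iE "$SQLI_TOKENS"
}

# count_suspicious_ajax: number of flagged lines on stdin
count_suspicious_ajax() {
    flag_suspicious_ajax | wc -l | tr -d ' '
}

# Stand-alone run: report flagged sample lines
printf '%s\n' "$SAMPLE_LOG" | flag_suspicious_ajax
```

Usage against a real log: `flag_suspicious_ajax < /var/log/nginx/access.log`. Two caveats matter in practice: standard access logs record only the request line, so parameters sent in the POST body are invisible to this filter and need a WAF, ModSecurity audit log, or application-level logging to inspect; and since exploitation requires an authenticated administrator, correlating hits with the WordPress user session (for example through an activity-log plugin) is what distinguishes an attack from a legitimate admin saving calculator settings.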