CVE-2024-8625
📋 TL;DR
The TS Poll WordPress plugin before version 2.4.0 contains a SQL injection vulnerability that allows authenticated administrators to execute arbitrary SQL commands. This affects WordPress sites using vulnerable versions of the TS Poll plugin. Attackers with admin access can potentially compromise the database.
💻 Affected Systems
- TS Poll WordPress Plugin
📦 What is this software?
Ts Poll by Total Soft
⚠️ Risk & Real-World Impact
Worst Case
Full database compromise including data theft, modification, or deletion; potential privilege escalation to full site control; possible server compromise if database permissions allow file system access.
Likely Case
Data exfiltration from WordPress database, modification of site content, creation of backdoor admin accounts, or installation of malicious plugins/themes.
If Mitigated
Limited impact if proper access controls restrict admin accounts and database permissions are minimized; SQL injection attempts would be logged and detected.
🎯 Exploit Status
Exploitation requires WordPress administrator credentials; SQL injection is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.0
Vendor Advisory: https://wpscan.com/vulnerability/ab4d7065-4ea2-4233-9593-0f540f91f45e/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the TS Poll plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 2.4.0+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable TS Poll Plugin
Temporarily disable the vulnerable plugin until patching is possible
wp plugin deactivate ts-poll
Restrict Admin Access
Implement strict access controls for WordPress administrator accounts
🧯 If You Can't Patch
- Remove admin access from untrusted users and implement multi-factor authentication
- Implement web application firewall rules to block SQL injection patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → TS Poll version number; if version is below 2.4.0, system is vulnerable.
Check Version:
wp plugin get ts-poll --field=version
Verify Fix Applied:
Verify TS Poll plugin version is 2.4.0 or higher in WordPress admin panel.
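An added verification script (not part of this advisory or of the TS Poll project) that runs the same WP-CLI version check and compares the result against the fixed release numerically, so that a version such as 2.10.0 is not misread as older than 2.4.0 the way a plain string comparison would; the `ts-poll` slug and the 2.4.0 fix version come from this page, and a version string that is not plain dotted numerals (for example a pre-release suffix) is reported as unparseable rather than guessed at.

```python
"""Added example, not from the advisory or the TS Poll plugin: report whether
the installed TS Poll version is below the fixed release 2.4.0 named above."""
import re
import subprocess
from typing import Optional, Tuple

PLUGIN_SLUG = "ts-poll"     # slug used by the advisory's WP-CLI commands
FIXED_VERSION = "2.4.0"     # first release containing the fix, per the advisory


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '2.3.1' into (2, 3, 1), padding short forms so '2.4' == (2, 4, 0).
    Returns None for anything that is not plain dotted numerals
    (e.g. '2.4.0-beta'), so callers treat it as unknown instead of guessing."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = tuple(int(part) for part in text.split("."))
    return parts + (0,) * (3 - len(parts))


def is_vulnerable(installed: str) -> bool:
    """True when the installed version is strictly older than FIXED_VERSION.
    Tuples compare numerically, so 2.10.0 ranks above 2.4.0 as it should.
    Raises ValueError for versions parse_version cannot interpret."""
    parsed = parse_version(installed)
    if parsed is None:
        raise ValueError(f"unrecognised version string: {installed!r}")
    return parsed < parse_version(FIXED_VERSION)


def installed_version(wp_path: str = "wp") -> Optional[str]:
    """Query WP-CLI with the advisory's own command. Returns None when the
    plugin is not installed or WP-CLI is unavailable (non-zero exit / no binary)."""
    try:
        result = subprocess.run(
            [wp_path, "plugin", "get", PLUGIN_SLUG, "--field=version"],
            capture_output=True, text=True)
    except OSError:
        return None
    if result.returncode != 0 or not result.stdout.strip():
        return None
    return result.stdout.strip()


if __name__ == "__main__":
    version = installed_version()
    if version is None:
        print(f"{PLUGIN_SLUG}: not installed (or WP-CLI unavailable)")
    elif is_vulnerable(version):
        print(f"{PLUGIN_SLUG} {version}: VULNERABLE, update to {FIXED_VERSION}+")
    else:
        print(f"{PLUGIN_SLUG} {version}: fix applied")
```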
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in WordPress or database logs
- Multiple failed login attempts followed by successful admin login
- Unexpected plugin file modifications
Network Indicators:
- HTTP POST requests to TS Poll admin endpoints with SQL payloads
- Unusual database connection patterns from web server
SIEM Query:
source="wordpress.log" AND "ts-poll" AND ("SELECT" OR "UNION" OR "INSERT" OR "UPDATE" OR "DELETE")