Exploit
CVE-2024-8625

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

Published: Oct 21, 2024 / Updated: 29d ago

CVSS 7.2 / EPSS 0.04% / High

Summary

The TS Poll WordPress plugin before version 2.4.0 contains a vulnerability where a parameter is not properly sanitized and escaped before being used in a SQL statement. This allows administrators to perform SQL injection attacks.

Impact

This vulnerability could allow authenticated attackers with administrative privileges to execute arbitrary SQL commands on the underlying database. The potential impacts include:

1. Data breach: Attackers could potentially read, modify, or delete sensitive information stored in the WordPress database.
2. Privilege escalation: Depending on the database configuration, attackers might be able to elevate their privileges within the WordPress installation or even at the server level.
3. Website defacement: Malicious actors could alter website content by manipulating database entries.
4. Data integrity compromise: Unauthorized modifications to the database could lead to corruption or loss of important data.
5. Potential for further exploitation: SQL injection could be used as a stepping stone for more advanced attacks on the server or network.

Exploitation

One proof-of-concept exploit is available on wpscan.com. There is no evidence of exploitation at the moment.

Patch

A patch is available. The vulnerability has been fixed in version 2.4.0 of the TS Poll WordPress plugin. Users should update to this version or later to mitigate the risk.

Mitigation

To mitigate this vulnerability, consider the following recommendations:

1. Update immediately: Upgrade the TS Poll WordPress plugin to version 2.4.0 or later as soon as possible.
2. Limit administrative access: Restrict WordPress admin accounts to only trusted and necessary users.
3. Implement the principle of least privilege: Ensure that user accounts and database connections use the minimum required permissions.
4. Use Web Application Firewall (WAF): Implement a WAF to help detect and block SQL injection attempts.
5. Regular security audits: Conduct periodic security reviews of your WordPress installation and all installed plugins.
6. Keep backups: Maintain regular, secure backups of your WordPress database and files.
7. Monitor for suspicious activity: Implement logging and monitoring solutions to detect potential exploitation attempts.
8. If unable to update immediately, consider temporarily disabling the plugin until the update can be applied.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment (Oct 21, 2024 at 6:15 AM)
NVD published the first details for CVE-2024-8625.

First Article (Oct 21, 2024 at 6:18 AM / National Vulnerability Database)
Feedly found the first article mentioning CVE-2024-8625.

CVSS Estimate (Oct 21, 2024 at 6:18 AM)
Feedly estimated the CVSS score as HIGH.

CVSS (Oct 21, 2024 at 8:35 PM / nvd)
A CVSS base score of 7.2 has been assigned.

EPSS (Oct 22, 2024 at 10:47 AM)
EPSS Score was set to: 0.04% (Percentile: 9.7%)

Proof of Concept (PoC) Released (Oct 24, 2024 at 3:10 PM)
A proof of concept exploit has been released.

Affected Systems

Total-soft/ts_poll

Exploits

https://wpscan.com/vulnerability/ab4d7065-4ea2-4233-9593-0f540f91f45e/

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

News

CVE-2024-8625 Exploit
CVE Id: CVE-2024-8625. Published Date: 2024-10-24T13:56:00+00:00. The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. inTheWild added a link to an exploit: https://wpscan.com/vulnerability/ab4d7065-4ea2-4233-9593-0f540f91f45e/
CVE Alert: CVE-2024-8625
CVE-2024-8625 - Exploits & Severity - Feedly
Feedly found the first article mentioning CVE-2024-8625. See article. Oct 20, 2024 at 11:18 PM / National Vulnerability Database. CVSS Estimate.
NA - CVE-2024-8625 - The TS Poll WordPress plugin before 2.4.0 does...
The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVE-2024-8625 | TS Poll Plugin up to 2.3.x on WordPress sql injection
A vulnerability has been found in TS Poll Plugin up to 2.3.x on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-8625. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
