CVE-2024-3552
published 2024-06-13


Priority: P1 81 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 67.29% (99.2th percentile)
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.

Affected

1 range

Vendor          Product              Version range   Fixed in
salephpscripts  web_directory_free   < 1.7.0         1.7.0

Detection & IOCs (extracted from sources)

Version: Web Directory Free < 1.7.0
  • The vulnerability is exploitable by unauthenticated users via an AJAX action; monitor WordPress wp-admin/admin-ajax.php requests for SQL injection patterns (UNION, time-based, error-based) targeting the Web Directory Free plugin parameter.
  • The detection rule uses a regex match on an empty JSON array response body (`^\[\]$`) combined with an HTTP 200 status to identify successful blind/error-based SQLi probing responses from the vulnerable AJAX endpoint.
  • The Sigma/nuclei rule digest for this CVE is 4a0a0047304502201331abda26e92a71f92b27395b56724e308d57827600e1e6df68396cdb585d24022100ad8e2f6e76f01406eba01695613f451223575ab8e136f781a6a12cf67f087b7f:922c64590222798bb761d5b6d8e72950; use it to verify rule integrity.
  • The vulnerable AJAX action is accessible to unauthenticated users, meaning no authentication bypass is required: any public-facing WordPress site running Web Directory Free < 1.7.0 is exposed.
  • Multiple SQLi techniques are supported (UNION, Time-Based, Error-Based), so detection logic should not rely solely on UNION-based signatures; time-delay and error-pattern detections are also needed.