CVE-2024-3552
Published 2024-06-13
Priority: P181 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available · EPSS: 67.29% (99.2th percentile)
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| salephpscripts | web_directory_free | < 1.7.0 | 1.7.0 |
Detection & IOCs (extracted from sources)
- The vulnerability is exploitable by unauthenticated users via an AJAX action. Monitor WordPress wp-admin/admin-ajax.php requests for SQL injection patterns (UNION, time-based, error-based) targeting the Web Directory Free plugin parameter.
- The detection rule uses a regex match on an empty JSON array response body (`^\[\]$`) combined with an HTTP 200 status to identify successful blind/error-based SQLi probing responses from the vulnerable AJAX endpoint.
- The nuclei template digest for this CVE is 4a0a0047304502201331abda26e92a71f92b27395b56724e308d57827600e1e6df68396cdb585d24022100ad8e2f6e76f01406eba01695613f451223575ab8e136f781a6a12cf67f087b7f:922c64590222798bb761d5b6d8e72950; use it to verify rule integrity.
- The vulnerable AJAX action is accessible to unauthenticated users, so no authentication bypass is required: any public-facing WordPress site running Web Directory Free < 1.7.0 is exposed.
- Multiple SQLi techniques are supported (UNION, Time-Based, Error-Based), so detection logic should not rely solely on UNION-based signatures; time-delay and error-pattern detections are also needed.
No detection rules found.
Nuclei
Template: Web Directory Free < 1.7.0 - SQL Injection (nuclei · CVSS 9.8)
Match output: CVE-2024-3552 [CRITICAL] Web Directory Free < 1.7.0 - SQL Injection
Matcher fragment from the template (the source is truncated before the first line):
```yaml
Web Directory Free =6"
      - "status_code == 200"
      - regex('^\[\]$', body)
    condition: and
# digest: 4a0a0047304502201331abda26e92a71f92b27395b56724e308d57827600e1e6df68396cdb585d24022100ad8e2f6e76f01406eba01695613f451223575ab8e136f781a6a12cf67f087b7f:922c64590222798bb761d5b6d8e72950
```