CVE-2024-3922
published 2024-06-13


Priority: P1 (79)
Severity: critical, CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit flagged
EPSS: 56.21% (98.9th percentile)
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Affected (2 ranges)

Vendor   Product     Version range   Fixed in
dokan    dokan       < 3.11.0        3.11.0
wedevs   dokan_pro   <= 3.10.3       (not listed)

Detection & IOCs (extracted from sources)
  • Monitor for unauthenticated HTTP requests to the Dokan Pro plugin endpoint whose 'code' parameter contains SQL metacharacters or stacked/appended SQL query syntax.
  • Flag HTTP 302 redirect responses associated with Dokan Pro plugin requests as a potential indicator of successful exploitation or probe activity.
  • Prioritise Dokan Pro plugin versions up to and including 3.10.3 for patching; the presence of these versions in a WordPress installation indicates active exposure to this vulnerability.
  • The SQL injection is possible because the user-supplied 'code' parameter is insufficiently escaped and the existing SQL query is not sufficiently prepared; WAF rules must account for appended/stacked SQL query patterns, not just classic injection syntax.
  • The vulnerability is exploitable by unauthenticated attackers, so no authentication bypass is required; detection rules should not filter out unauthenticated sessions when monitoring for this CVE.
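The monitoring bullets above turned into a log-scanning rule, as an added example that is not part of this record or of the Dokan project. The Dokan endpoint marker, the sample access-log lines and the 'code' values are constructed assumptions (the page does not name the plugin's route).

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Combined-log-format prefix: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Generic SQL metacharacters and stacked/appended-query syntax in a decoded value.
SQLI_RE = re.compile(r"""['"`;]|--|/\*|\b(union|select|sleep|benchmark)\b""", re.I)
# Assumed marker for the Dokan Pro endpoint: the page does not name the route,
# so replace it with the plugin's real path when deploying the rule.
DOKAN_MARKER = "dokan"

def parse_line(line):
    """Parse one access-log line into the fields the rule needs, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    return {
        "ip": m["ip"], "status": int(m["status"]), "target": m["target"],
        # parse_qs decodes once; a second unquote catches double-encoded probes.
        "code": [unquote_plus(v) for v in params.get("code", [])],
    }

def score(rec):
    """Return the reasons a request looks like a CVE-2024-3922 probe (empty if none)."""
    reasons = []
    if any(SQLI_RE.search(v) for v in rec["code"]):
        reasons.append("code param contains SQL metacharacters")
        if DOKAN_MARKER in rec["target"].lower():
            reasons.append("request hits the Dokan endpoint")
        if rec["status"] == 302:
            reasons.append("302 response, the page's indicator of a probe or exploit")
    return reasons

def scan(log_text):
    """Run the rule over a log blob; returns [(client_ip, reasons), ...] for hits."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and (reasons := score(rec)):
            hits.append((rec["ip"], reasons))
    return hits

# Constructed sample lines (not from the page): a normal coupon code, a generic
# stacked-query probe string that exercises the rule, and a stray quote off the endpoint.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jun/2024:10:01:02 +0000] "GET /?dokan-endpoint=1&code=SUMMER10 HTTP/1.1" 302 0
203.0.113.7 - - [13/Jun/2024:10:01:09 +0000] "GET /?dokan-endpoint=1&code=x%27%3B%20SELECT%201-- HTTP/1.1" 302 0
198.51.100.9 - - [13/Jun/2024:10:02:11 +0000] "GET /shop/?code=WELCOME%27 HTTP/1.1" 200 5120
"""
```

Running `scan(SAMPLE_LOG)` flags the second line with all three reasons and the third with only the metacharacter reason, while the benign first line (a 302 with a clean code) is not reported.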