Sploit.io - Search

Product: G Auto-Hyperlink, version: >= 1.0.1, <= 1.0.1

CVE-2021-24627

Severity: Unknown

Description: The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection

CVSS Score: N/A

Priority

C

CISA Data

EPSS Data

  • EPSS: 0.253950000
  • Percentile: 0.961370000
  • Date: 2026-03-19

ExploitDB

No data available.

HackerOne Data

  • Rank: 8934
  • Reports submitted count: 0
  • Unknown: 0
  • None: 0
  • Low: 0
  • Medium: 0
  • High: 0
  • Critical: 0

GitHub PoCs

VulnCheck Data

Affected Products:

  • Unknown G Auto-Hyperlink - Versions: 1.0.1

References:

Risk Assessment

1. Risk Assessment
The G Auto-Hyperlink WordPress plugin vulnerability (CVE-2021-24627) is an authenticated SQL injection flaw: an attacker holding a valid WordPress account can inject SQL through the 'id' GET parameter, which the plugin passes unsanitised and unescaped into a query that selects data for display in the admin dashboard. The impact is moderate to high, since successful exploitation gives unauthorized access to the WordPress database. Integrity is affected because the data stored there can be modified or extracted; confidentiality is affected if sensitive data is stored in the database and reachable through the injection point; availability can be affected if the injected queries overload or disrupt the database server. The likelihood of exploitation is moderate, because a valid account is required, but the ease of exploitation is relatively high given that the 'id' parameter is used directly in the SQL query without sanitization. The EPSS score of 0.253950000 indicates a moderate probability of exploitation, consistent with the wide deployment of WordPress installations.

2. Potential Attack Scenarios
An attacker with a WordPress account holding sufficient privileges (likely an administrator or editor) can use this SQL injection to extract user data. The attacker crafts a URL that carries a SQL injection payload in the 'id' parameter, for example: `https://example.com/wp-admin/admin.php?page=g-auto-hyperlink&id=1' UNION SELECT username, password FROM wp_users--`. When this URL is visited by an authenticated user, the injected SQL becomes part of the query, which then returns usernames and password hashes from the wp_users table alongside the expected data. The attacker can then use these credentials to reach further WordPress accounts or the underlying server, depending on password strength and user privileges.

3. Mitigation Recommendations
The primary mitigation is to update the G Auto-Hyperlink plugin to version 1.0.2 or later, which includes the necessary sanitization and escaping for the 'id' GET parameter. WordPress administrators should update the plugin immediately through the WordPress admin dashboard (Plugins -> Installed Plugins). Consider using a WordPress security plugin that provides vulnerability scanning and automated updates. Regularly review plugin versions and apply updates promptly to minimize the window of exposure. Enforce strong password policies for all WordPress users to limit the impact of credential theft, and enable two-factor authentication where possible. Additional information: https://wpscan.com/vulnerability/c04ea768-150f-41b8-b08c-78d1ae006bbb and https://codevigilant.com/disclosure/2021/wp-plugin-g-auto-hyperlink/.

4. Executive Summary
The G Auto-Hyperlink WordPress plugin contains a SQL injection vulnerability that could allow authenticated attackers to access and potentially modify data stored within your WordPress database, so sensitive information such as user accounts could be compromised. While exploitation requires an existing WordPress user account, the vulnerability is relatively easy to exploit and could have a significant impact on data integrity and confidentiality. We recommend updating the G Auto-Hyperlink plugin to the latest version (1.0.2 or higher) as soon as possible to mitigate this risk. Prompt action is crucial to protect your WordPress site and the data it holds from potential compromise. The cost of addressing this vulnerability is low (a simple plugin update), while the potential business impact of a successful attack could be substantial.