S4E

CVE-2024-4443 Scanner

CVE-2024-4443 scanner - SQL Injection vulnerability in Business Directory Plugin for WordPress

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -

The Business Directory Plugin for WordPress is widely used by website administrators to create and manage business listings, most commonly by small and medium-sized businesses that want to showcase their services online. It lets users add, edit, and organize business information on their websites, and is popular for its ease of use and extensive customization options. Many businesses rely on it to maintain an up-to-date directory of their services and contact information.

The Business Directory Plugin for WordPress is vulnerable to SQL Injection via the 'listingfields' parameter. The flaw allows an unauthenticated attacker to inject arbitrary SQL into queries run against the site's database, which could lead to the extraction of sensitive information. All versions up to and including 6.4.2 are affected.

The SQL Injection vulnerability in the Business Directory Plugin is caused by insufficient escaping of user-supplied input in the 'listingfields' parameter: the value is not properly sanitized before being included in an SQL query, so an attacker can alter the query by supplying additional SQL code. The flaw is located in the plugin's search functionality, where user input is placed directly into the query without proper validation. The vulnerable endpoint is '/business-directory/?dosrch=1&q=&wpbdp_view=search'.
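The following is an added illustration of the defect class described above and of the usual WordPress fix; it is not the plugin's own code and does not reproduce the actual vulnerable code path. The function names (wpbdp_demo_*), the table name and the shape of the 'listingfields' value are assumptions made for the example.

```php
<?php
// Added illustration, not the plugin's code. Shows the unsafe pattern (raw request
// input concatenated into SQL) beside a hardened version that validates the input
// and binds it with $wpdb->prepare(). Table and function names are assumed.

/**
 * Unsafe pattern: whatever the client sends in 'listingfields' becomes part of
 * the SQL statement, so it can change the query's structure, not just its data.
 */
function wpbdp_demo_search_unsafe( $wpdb, array $request ) {
    $raw = isset( $request['listingfields'] ) ? $request['listingfields'] : '';
    $sql = "SELECT listing_id FROM {$wpdb->prefix}wpbdp_demo_listing_fields "
         . "WHERE field_id IN ({$raw})";            // string interpolation of user input
    return $wpdb->get_col( $sql );
}

/**
 * Hardened version: the parameter is only ever a list of field ids, so every
 * element is coerced to a positive integer (absint), empty/non-numeric entries
 * are dropped, and the survivors are bound through %d placeholders.
 */
function wpbdp_demo_search_safe( $wpdb, array $request ) {
    $raw = isset( $request['listingfields'] ) ? $request['listingfields'] : '';
    // Accept either an array (listingfields[]=1) or a comma-separated string ("1,2").
    $parts = is_array( $raw ) ? $raw : explode( ',', (string) $raw );
    // absint() returns 0 for anything non-numeric; array_filter() discards those zeros.
    $ids = array_values( array_filter( array_map( 'absint', $parts ) ) );
    if ( empty( $ids ) ) {
        return array();                              // nothing valid to search for
    }
    $placeholders = implode( ', ', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "SELECT listing_id FROM {$wpdb->prefix}wpbdp_demo_listing_fields "
        . "WHERE field_id IN ({$placeholders})",
        $ids                                         // bound values, never SQL syntax
    );
    return $wpdb->get_col( $sql );
}
```

The key difference is that the hardened function decides what the parameter is allowed to be (a list of integers) before it reaches the query, and then lets $wpdb->prepare() bind the values; escaping alone would not help here because the value is used inside an IN (...) list rather than a quoted string. When reviewing a plugin for this class of bug, look for $wpdb->query(), get_results(), get_col() or get_var() calls whose SQL is built with interpolation or concatenation of $_GET / $_POST / $_REQUEST values.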

Exploitation of this vulnerability could have severe consequences. Attackers could gain unauthorized access to the database, exposing sensitive information such as user credentials, business details, and other confidential data. Depending on the database permissions in use, they could also modify or delete database entries, disrupt website operations, and use the foothold for further attacks on the server. The overall integrity and availability of the business directory could be compromised.

By becoming a member of the S4E platform, you gain access to a comprehensive suite of security scanning tools designed to protect your digital assets. Our platform provides timely alerts and detailed reports on vulnerabilities, enabling you to take immediate action. With our proactive monitoring and expert recommendations, you can ensure the security and integrity of your website. Join S4E today and stay ahead of potential threats, safeguarding your business and your customers.
