CVE-2024-50498 Scanner
CVE-2024-50498 Scanner - Remote Code Execution (RCE) vulnerability in WP Query Console
Short Info
- Level: Critical
- Single Scan: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 18 days 15 hours
- Scan only one: Domain, IPv4
- Toolbox: -
WP Query Console is a plugin designed for WordPress environments, developed to allow users to execute and debug SQL queries directly through the WordPress interface. It is often used by website administrators and developers for quick database checks and debugging. The plugin simplifies database management and enables dynamic queries, making it a popular choice for WordPress sites that require in-depth database interaction.
The vulnerability stems from improper control over the generation of executable code: the plugin does not validate input adequately, so an attacker can inject arbitrary PHP code and have it executed remotely. The affected versions, up to and including 1.0, do not implement sufficient safeguards to prevent such exploits.
The endpoint `/wqc/v1/query` is exploitable via crafted HTTP POST requests. An attacker supplies malicious code in the `queryArgs` parameter, and the plugin executes it without validation. A response that includes detailed PHP information indicates successful execution.
Exploitation of this vulnerability can lead to complete system compromise, allowing attackers to execute arbitrary commands, access sensitive data, or disrupt services. Since the vulnerability can be exploited without authentication, it poses a significant risk to unpatched systems.
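For asset owners reviewing their own web server logs, the following added example (not part of the scanner or of the plugin) flags POST requests that address the `/wqc/v1/query` REST route. It assumes Combined Log Format and covers the two standard ways WordPress exposes REST routes, the `/wp-json/` prefix and the `?rest_route=` query parameter; access logs normally omit request bodies, so `queryArgs` itself is not inspected.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ROUTE = "/wqc/v1/query"  # REST route named on this page


def rest_route_of(target):
    """Return the WordPress REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    idx = path.find("/wp-json/")  # pretty-permalink form: /wp-json/<route>
    if idx != -1:
        return "/" + path[idx + len("/wp-json/"):].strip("/")
    values = parse_qs(parts.query).get("rest_route")  # plain form, URL-decoded
    return "/" + values[0].strip("/") if values else None


def find_wqc_posts(lines):
    """Collect POST requests to the WP Query Console route from access-log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        route = rest_route_of(m["target"])
        if route and route.lower() == ROUTE:
            hits.append({"ip": m["ip"], "time": m["time"],
                         "status": int(m["status"]), "target": m["target"]})
    return hits


# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2024:10:01:02 +0000] "POST /wp-json/wqc/v1/query HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.4 - - [12/Nov/2024:10:02:10 +0000] "POST /?rest_route=%2Fwqc%2Fv1%2Fquery HTTP/1.1" 200 4980 "-" "-"',
    '192.0.2.9 - - [12/Nov/2024:10:03:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 812 "-" "-"',
    '192.0.2.9 - - [12/Nov/2024:10:03:05 +0000] "POST /wp-json/wp/v2/comments HTTP/1.1" 401 120 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_wqc_posts(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["status"], hit["target"])
```

Any hit on a site running an affected version warrants follow-up, since the page notes the endpoint can be reached without authentication.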
REFERENCES
- https://github.com/RandomRobbieBF/CVE-2024-50498
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-query-console/wp-query-console-10-unauthenticated-remote-code-execution
- https://patchstack.com/database/vulnerability/wp-query-console/wordpress-wp-query-console-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve
- https://nvd.nist.gov/vuln/detail/CVE-2024-50498