This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: SQL Injection (SQLi) in the 'Beautiful taxonomy filters' WordPress plugin. **Consequences**: Attackers can extract sensitive information from the database by manipulating the `selects[0][term]` parameter…
**CWE-89**: Improper Neutralization of Special Elements used in an SQL Command. **Flaw**: Insufficient escaping of the user-supplied parameter combined with the absence of prepared statements in the existing SQL query logic.
**Privileges**: None required (no login needed; the vulnerable code is reachable unauthenticated). **Data**: High confidentiality impact (C:H). Attackers can read and extract sensitive data from the WordPress database…
**Threshold**: LOW. **Config**: No authentication (PR:N) and no user interaction (UI:N) required. **Access**: Network accessible (AV:N), so the flaw is easy to exploit remotely.
Q6. Is there a public exploit? (PoC/Wild Exploitation)
**Public exploit**: YES. **PoC**: Available on GitHub (RandomRobbieBF/CVE-2024-12270). **Status**: The risk of in-the-wild exploitation is high because of the public PoC and the low barrier to entry.
Q7. How to self-check? (Features/Scanning)
**Check**: Scan your sites for the 'Beautiful taxonomy filters' plugin and record its version. **Indicator**: Look for SQLi payloads in the `selects[0][term]` parameter of incoming HTTP requests…
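As an added example that is not part of the original analysis, the following Python script applies the Q7 indicator to web server access logs: it pulls every `selects[N][term]` parameter out of each request line, percent-decodes it (so `%5B0%5D` and `[0]` are treated alike), and flags values carrying SQL metacharacters or statement keywords. The log lines are constructed samples and the regex is a heuristic, so legitimate terms containing an apostrophe will also be flagged and need review.

```python
"""Scan access-log lines for SQL metacharacters in selects[N][term] parameters."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (common log format); not captured from a real site.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Dec/2024:10:00:01 +0000] "GET /?selects[0][term]=shoes HTTP/1.1" 200 512
203.0.113.11 - - [10/Dec/2024:10:00:02 +0000] "GET /?selects%5B0%5D%5Bterm%5D=boots%27%20OR%201%3D1-- HTTP/1.1" 200 9120
203.0.113.12 - - [10/Dec/2024:10:00:03 +0000] "GET /?selects[0][term]=hats&selects[1][term]=x%27%20UNION%20SELECT%201 HTTP/1.1" 200 640
203.0.113.13 - - [10/Dec/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

# Request line inside the quotes: METHOD TARGET HTTP/x.y
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Match any index, not only [0], in case several filters are submitted at once.
TERM_KEY_RE = re.compile(r"^selects\[\d+\]\[term\]$")
# Heuristic indicators: quotes, comment openers and common statement keywords.
# Legitimate terms containing an apostrophe (e.g. "men's") will also be flagged.
SQLI_RE = re.compile(r"['\"`;]|--|/\*|\b(union|select|sleep|benchmark)\b", re.IGNORECASE)


def suspicious_terms(line):
    """Return the decoded selects[N][term] values in one log line that match SQLI_RE."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    hits = []
    # parse_qs percent-decodes keys and values, so %5B0%5D and [0] are treated alike.
    for key, values in parse_qs(query, keep_blank_values=True).items():
        if TERM_KEY_RE.match(key):
            hits.extend(v for v in values if SQLI_RE.search(v))
    return hits


def scan_log(text):
    """Return (line_number, client_ip, value) for every suspicious term in the log."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        client_ip = line.split(" ", 1)[0]
        findings.extend((n, client_ip, v) for v in suspicious_terms(line))
    return findings


if __name__ == "__main__":
    for n, ip, value in scan_log(SAMPLE_LOG):
        print(f"line {n} from {ip}: suspicious selects[][term] value {value!r}")
```

Run it against a real log with `scan_log(open("access.log").read())`; hits on a host that still runs a version at or below 2.4.3 warrant a database review, not just a plugin update.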
**Fix**: An official patch has been released. **Ref**: WordPress Trac changeset 3205710. **Action**: Update the plugin to a version later than 2.4.3 immediately.
Q9. What if there is no patch? (Workaround)
**No patch?**: Disable the plugin if it is not essential. **WAF**: Deploy web application firewall rules that block SQLi patterns in `selects[0][term]`…
**Urgency**: HIGH. **Priority**: Critical. An unauthenticated SQLi with a public PoC means an immediate risk of compromise. Patch now or disable the plugin.