WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

Vulnerability

The Directorist Booking plugin for WordPress suffers from a blind SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This affects all versions from n/a through 3.0.3. The vulnerability is present in an unauthenticated endpoint, making it remotely exploitable without any prior authentication or user interaction [1].

Exploitation

An attacker can exploit this vulnerability by sending crafted HTTP requests to the vulnerable endpoint, performing blind SQL injection techniques to infer data from the database. No special privileges or network position beyond standard internet access is required. The attack does not require any user interaction and can be automated to target multiple sites simultaneously [1].

Impact

Successful exploitation allows an attacker to directly interact with the database, leading to information disclosure. This includes the potential theft of sensitive data such as user credentials, personal information, and other stored content. The blind nature of the injection means the attacker can extract data character by character, but the impact is severe as it can compromise the entire WordPress site's data [1].

Mitigation

The vulnerability is fixed in version 3.0.4 of the Directorist Booking plugin. Users are strongly advised to update immediately. For those unable to update, Patchstack has issued a mitigation rule to block attacks until the update is applied. No other workarounds are documented [1].