CVE-2024-3217 in WP Directory Kit Plugininfo

Summary

by MITRE • 04/05/2024

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attribute_id' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 04/14/2026

The WP Directory Kit plugin for WordPress presents a critical security vulnerability classified as CVE-2024-3217, which stems from improper input validation and sanitization mechanisms within its database query processing. This vulnerability affects all versions up to and including 1.3.0, creating a persistent risk for WordPress installations that utilize this plugin. The flaw manifests through the 'attribute_value' and 'attribute_id' parameters, which are processed without adequate escaping or preparation, allowing malicious actors to manipulate the underlying SQL queries through crafted input values.

The technical exploitation of this vulnerability occurs when authenticated users with subscriber-level privileges or higher attempt to interact with the plugin's functionality that processes directory attributes. The insufficient escaping of user-supplied parameters creates a direct pathway for SQL injection attacks, where attackers can inject malicious SQL fragments into the existing query structure. This vulnerability aligns with CWE-89, which specifically addresses SQL injection flaws resulting from inadequate input sanitization, and represents a classic case of improper neutralization of special elements used in SQL commands.

The operational impact of CVE-2024-3217 extends beyond simple data theft, as authenticated attackers can potentially extract sensitive information from the WordPress database through the manipulated SQL queries. This includes but is not limited to user credentials, personal information, plugin configurations, and other database content that may be accessible through the directory kit's attribute handling mechanisms. The vulnerability's exploitation requires minimal privileges, making it particularly dangerous as it can be leveraged by users who already have basic access to the WordPress site, potentially escalating their privileges or gaining unauthorized access to restricted data.

Security practitioners should implement immediate mitigations including upgrading to the latest version of the WP Directory Kit plugin where the vulnerability has been addressed, applying the necessary patches, and implementing additional security controls such as input validation at the application level and database query monitoring. The ATT&CK framework categorizes this vulnerability under T1078 Valid Accounts, as it exploits existing user credentials to perform unauthorized database operations, and T1046 Network Service Scanning, as attackers may need to map the plugin's functionality to identify the vulnerable parameters. Organizations should also consider implementing database activity monitoring solutions to detect anomalous SQL query patterns that may indicate exploitation attempts.

Responsible

Wordfence

Reservation

04/02/2024

Disclosure

04/05/2024

Moderation

accepted

CPE

ready

EPSS

0.01869

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!