CVE-2024-3217

HIGH

WP Directory Kit <= 1.3.0 - Authenticated SQL Injection via attribute_value and attribute_id Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-3217. PoCs published by BassamAssiri.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2024-3217, a SQL injection vulnerability in the WP Directory Kit plugin for WordPress. It includes patch diff analysis, vulnerable code paths, and SQLMap output demonstrating exploitation.

Description

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attribute_id' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Exploits (1)

nomisec WRITEUP 6 stars

by BassamAssiri · poc

https://github.com/BassamAssiri/CVE-2024-3217-POC

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2024-3217, a SQL injection vulnerability in the WP Directory Kit plugin for WordPress. It includes patch diff analysis, vulnerable code paths, and SQLMap output demonstrating exploitation.

Classification

Writeup 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: WP Directory Kit plugin for WordPress (versions up to and including 1.3.0)

Auth required

Prerequisites: WordPress installation with WP Directory Kit plugin version <= 1.3.0 · Authenticated attacker with subscriber-level access or higher

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Product

https://plugins.trac.wordpress.org/browser/wpdirectorykit/trunk/application/controllers/Wdk_frontendajax.php#L72

Patch

https://plugins.trac.wordpress.org/changeset/3064842/wpdirectorykit/trunk/application/controllers/Wdk_frontendajax.php

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/09b315e6-d973-467d-8b8d-4b7b4a7ca3f8?source=cve

Scores

CVSS v3 8.8

EPSS 0.0187

EPSS Percentile 76.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (2)

wpdirectorykit/WP Directory Kit < 1.3.0

wpdirectorykit/wp_directory_kit < 1.3.1

Published Apr 05, 2024

Tracked Since Feb 18, 2026