{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/directorypress/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-3489"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["DirectoryPress","WordPress"],"_cs_severities":["high"],"_cs_tags":["wordpress","sql-injection","cve-2026-3489","directorypress"],"_cs_type":"advisory","_cs_vendors":["DirectoryPress","WordPress"],"content_html":"\u003cp\u003eThe DirectoryPress plugin, a WordPress plugin designed for business directory and classified ad listings, is susceptible to a critical SQL Injection vulnerability. This flaw, identified as CVE-2026-3489, affects versions up to and including 3.6.26. The vulnerability resides in the 'packages' parameter and stems from inadequate input sanitization and insufficient preparation of existing SQL queries. This allows unauthenticated attackers to inject arbitrary SQL commands into database queries. Successful exploitation could lead to the extraction of sensitive information from the WordPress database. Given the widespread use of WordPress and the DirectoryPress plugin, this vulnerability poses a significant risk to organizations using affected versions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a DirectoryPress installation running a vulnerable version (\u0026lt;= 3.6.26).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting a script using the 'packages' parameter.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into the 'packages' parameter within the HTTP request.\u003c/li\u003e\n\u003cli\u003eThe vulnerable application fails to properly sanitize the input, passing the malicious SQL code to the database.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed within the context of the existing database query.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the SQL injection to extract sensitive data, such as usernames, passwords, or other confidential information.\u003c/li\u003e\n\u003cli\u003eThe extracted data is returned to the attacker in the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen credentials to gain unauthorized access to the WordPress administration panel or other systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL Injection vulnerability (CVE-2026-3489) can lead to the complete compromise of the WordPress database. Attackers can steal sensitive information, including user credentials, customer data, and proprietary business information. This can result in significant financial losses, reputational damage, and legal liabilities. The impact is magnified by the potential for attackers to gain administrative access to the WordPress site, allowing them to further compromise the server and connected systems.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update the DirectoryPress plugin to the latest version to patch CVE-2026-3489.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detect Suspicious GET Requests to WordPress Plugins with SQL Injection Attempts\u0026quot; to identify potential exploitation attempts targeting the 'packages' parameter.\u003c/li\u003e\n\u003cli\u003eImplement a Web Application Firewall (WAF) to filter malicious requests and prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eReview and harden WordPress database security configurations, including limiting database user privileges and enabling query parameter validation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-05-16T12:00:00Z","date_published":"2024-05-16T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-05-16-directorypress-sqli/","summary":"The DirectoryPress WordPress plugin before 3.6.26 is vulnerable to unauthenticated SQL Injection via the 'packages' parameter, allowing attackers to extract sensitive database information.","title":"DirectoryPress WordPress Plugin Vulnerable to SQL Injection (CVE-2026-3489)","url":"https://feed.craftedsignal.io/briefs/2024-05-16-directorypress-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed - DirectoryPress","version":"https://jsonfeed.org/version/1.1"}