CVE-2024-13750: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in prismitsystems Multilevel Referral Affiliate Plugin for WooCommerce
CVE-2024-13750 is a medium severity SQL Injection vulnerability in the Multilevel Referral Affiliate Plugin for WooCommerce, affecting all versions up to and including 2.27. It arises from improper sanitization of the 'orderby' parameter, allowing authenticated users with Subscriber-level access or higher to inject SQL into an existing query. Exploitation does not require user interaction and can lead to unauthorized disclosure of sensitive database information. The vulnerability impacts confidentiality but not integrity or availability. No known exploits are currently in the wild. Organizations using this plugin should prioritize patching or apply strict input validation and access controls to mitigate risk. The threat primarily affects WordPress e-commerce sites globally, with higher risk in countries with widespread WooCommerce adoption and active affiliate marketing ecosystems. Given the ease of exploitation and potential data exposure, the severity is rated medium with a CVSS score of 6.5.
AI Analysis
Technical Summary
CVE-2024-13750 is an SQL Injection vulnerability identified in the Multilevel Referral Affiliate Plugin for WooCommerce, a WordPress plugin developed by prismitsystems. The flaw exists in all versions up to and including 2.27, where the 'orderby' parameter is insufficiently escaped and improperly handled in SQL queries. This improper neutralization of special SQL elements (CWE-89) allows authenticated attackers with Subscriber-level privileges or higher to append arbitrary SQL commands to existing queries. The vulnerability does not require user interaction and can be exploited remotely over the network (AV:N). The attack complexity is low (AC:L), and the attacker only needs low privileges (PR:L). Successful exploitation can lead to unauthorized disclosure of sensitive information from the backend database, compromising confidentiality (C:H) but not affecting integrity or availability. Although no public exploits have been reported, the vulnerability poses a significant risk to WordPress sites using this plugin, especially those handling sensitive affiliate and e-commerce data. The lack of patches at the time of disclosure necessitates immediate mitigation efforts.
Potential Impact
The primary impact of this vulnerability is the unauthorized disclosure of sensitive information stored in the WordPress database, which may include user data, affiliate referral details, and potentially payment-related information depending on the site configuration. Since the vulnerability allows SQL Injection via a parameter accessible to low-privileged authenticated users, attackers can escalate their access to sensitive data without needing administrative privileges. This can lead to data breaches, loss of customer trust, and regulatory compliance issues such as GDPR violations. Although the vulnerability does not affect data integrity or availability, the exposure of confidential data can have severe reputational and financial consequences for organizations. E-commerce sites relying on this plugin are particularly at risk, as attackers could leverage stolen data for fraud or further attacks.
Mitigation Recommendations
Organizations should immediately upgrade the Multilevel Referral Affiliate Plugin for WooCommerce to a patched version once available. In the absence of an official patch, implement strict input validation and sanitization on the 'orderby' parameter so that only an allowlisted set of expected values is accepted and the raw request value never reaches the query. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL Injection attempts targeting this parameter. Restrict user roles and permissions; since Subscriber is the lowest WordPress role, any account that can log in meets the privilege requirement, so review whether open user registration is needed and remove unneeded accounts, and monitor logs for unusual query patterns or access attempts. Additionally, conduct regular security audits and database access reviews to detect potential exploitation. Consider isolating the WordPress database with least privilege access controls and encrypting sensitive data at rest to reduce impact if data is accessed. Finally, maintain up-to-date backups to enable recovery in case of compromise.
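One way to implement the allowlist validation recommended above, as an added example that is not the plugin's own code: the public 'orderby' value is only ever used as a lookup key into a fixed map, and the sort direction is checked against two literals. The table name, column names, function names and the `mra_` prefix are assumptions.

```php
<?php
// Added example (not the plugin's code): allowlisting the 'orderby' parameter
// before it reaches a $wpdb query. Table and column names are assumptions.

/**
 * Map of permitted public 'orderby' values to real column names.
 * Only values from this map are ever placed in the SQL; the request
 * string itself is never interpolated into the query.
 */
const MRA_ORDERBY_COLUMNS = array(
    'date'      => 'created_at',
    'referrals' => 'referral_count',
    'name'      => 'display_name',
);

/**
 * Validate orderby/order from the request and return a safe ORDER BY clause.
 * Anything outside the allowlist (unknown keys, arrays sent as orderby[]=,
 * extra characters) silently falls back to the defaults, so probing the
 * parameter produces neither a different query nor SQL error text.
 */
function mra_safe_order_clause( $orderby, $order ) {
    $orderby = is_string( $orderby ) ? strtolower( trim( $orderby ) ) : '';
    $order   = is_string( $order ) ? strtoupper( trim( $order ) ) : '';

    $column    = MRA_ORDERBY_COLUMNS[ $orderby ] ?? MRA_ORDERBY_COLUMNS['date'];
    $direction = in_array( $order, array( 'ASC', 'DESC' ), true ) ? $order : 'DESC';

    return "ORDER BY `{$column}` {$direction}";
}

/**
 * Fetch a user's referrals. The WHERE value goes through $wpdb->prepare();
 * the ORDER BY fragment is built only from allowlisted constants above.
 */
function mra_get_referrals( $wpdb, $user_id, $orderby, $order ) {
    $table = $wpdb->prefix . 'mra_referrals'; // assumed table name

    // Defective pattern the advisory describes (kept only as a comment):
    // "... ORDER BY " . $_GET['orderby']   -- request value used verbatim.

    $sql = $wpdb->prepare(
        "SELECT id, referred_user_id, created_at FROM {$table} WHERE user_id = %d ",
        (int) $user_id
    ) . mra_safe_order_clause( $orderby, $order );

    return $wpdb->get_results( $sql );
}
```

WordPress core's sanitize_sql_orderby() only checks that a clause has the syntactic shape of an ORDER BY list; it does not confine the sort to columns the query is meant to expose, which is why an explicit map is used here.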
Affected Countries
United States, United Kingdom, Germany, Canada, Australia, India, Brazil, France, Netherlands, Japan
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-01-27T22:01:42.124Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6e6db7ef31ef0b5a0694
Added to database: 2/25/2026, 9:49:33 PM
Last enriched: 2/25/2026, 10:14:26 PM
Last updated: 2/25/2026, 10:53:34 PM