
CVE-2024-7857: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in maxfoundry Media Library Folders

Severity: Critical
Published: Thu Aug 29 2024 (08/29/2024, 02:31:30 UTC)
Source: CVE Database V5
Vendor/Project: maxfoundry
Product: Media Library Folders

Description

CVE-2024-7857 is a critical SQL Injection vulnerability in the Media Library Folders WordPress plugin by maxfoundry, affecting all versions up to 8.2.2. It arises from improper neutralization of the 'sort_type' parameter in the 'mlf_change_sort_type' AJAX action, allowing authenticated users with subscriber-level access or higher to inject malicious SQL code. This second-order SQL Injection flaw enables attackers to append additional queries to existing SQL commands, potentially extracting sensitive database information and compromising confidentiality, integrity, and availability. The vulnerability requires no user interaction beyond authentication and has a CVSS score of 9.8, indicating a critical severity. No public exploits are currently known, but the ease of exploitation and high impact make it a significant threat to WordPress sites using this plugin. Organizations worldwide using this plugin should prioritize patching or mitigating this vulnerability immediately to prevent data breaches and system compromise.

AI-Powered Analysis

Last updated: 02/26/2026, 03:50:18 UTC

Technical Analysis

CVE-2024-7857 is a critical SQL Injection vulnerability identified in the Media Library Folders plugin for WordPress, developed by maxfoundry. The flaw exists in all versions up to and including 8.2.2 and is caused by improper escaping and insufficient preparation of the 'sort_type' parameter in the 'mlf_change_sort_type' AJAX action. This parameter is user-supplied and not adequately sanitized before being incorporated into SQL queries, leading to a second-order SQL Injection vulnerability. Authenticated attackers with subscriber-level privileges or higher can exploit this by injecting malicious SQL code that appends to existing queries, enabling unauthorized data extraction from the backend database. The vulnerability does not require elevated privileges beyond subscriber access, nor does it require user interaction beyond authentication, making it relatively easy to exploit in compromised or low-privilege accounts. The CVSS 3.1 base score is 9.8, reflecting the vulnerability's critical impact on confidentiality, integrity, and availability. While no public exploits have been reported yet, the nature of the vulnerability and its presence in a widely used WordPress plugin pose a substantial risk. The lack of a patch at the time of reporting necessitates immediate mitigation efforts by administrators.

Potential Impact

The exploitation of CVE-2024-7857 can have severe consequences for organizations running WordPress sites with the vulnerable Media Library Folders plugin. Attackers can extract sensitive information such as user credentials, configuration data, or other confidential database contents, leading to data breaches and privacy violations. The integrity of the database can be compromised by unauthorized modification or deletion of data, potentially disrupting website functionality and damaging organizational reputation. Availability may also be affected if injected queries cause database errors or crashes. Since the vulnerability can be exploited by low-privilege authenticated users, it increases the attack surface, especially in environments with many subscriber-level accounts or where account compromise is possible. This can facilitate lateral movement or privilege escalation within the WordPress environment. The widespread use of WordPress globally means that many organizations, including small businesses, media outlets, and e-commerce sites, are at risk. The critical severity score underscores the urgency of addressing this vulnerability to prevent significant operational and reputational damage.

Mitigation Recommendations

To mitigate CVE-2024-7857, organizations should immediately update the Media Library Folders plugin to a patched version once available. Until a patch is released, administrators should consider disabling the plugin or restricting access to the 'mlf_change_sort_type' AJAX action to trusted users only. Implementing Web Application Firewall (WAF) rules to detect and block suspicious SQL injection patterns targeting the 'sort_type' parameter can provide temporary protection. Review and tighten user role assignments to minimize the number of subscriber-level accounts and monitor for unusual account activity. Employ database query logging and anomaly detection to identify potential exploitation attempts. Additionally, ensure that WordPress core and all plugins are regularly updated to reduce exposure to known vulnerabilities. Conduct security audits focusing on input validation and parameter sanitization in custom or third-party plugins. Finally, maintain regular backups of the database and website files to enable rapid recovery in case of compromise.
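The pattern the analysis describes, as an added illustration that is not the plugin's code (this page shows none): a sort preference accepted from an AJAX request, stored, and later concatenated into a query (second-order), beside a hardened version that allow-lists the value both when it is stored and when it is used. Every function, option and capability name here is an assumption, as is the guess that 'sort_type' ends up in an ORDER BY clause.

```php
<?php
// Added illustration; the plugin's real code is not on this page. All names are assumed.
// Only these sort keys are ever accepted; anything else falls back to a default. An allow-list
// is the right control for ORDER BY fragments: $wpdb->prepare() binds values, not column names.
const MLF_DEMO_SORT_TYPES = array(
    'name_asc'  => 'post_title ASC',
    'name_desc' => 'post_title DESC',
    'date_asc'  => 'post_date ASC',
    'date_desc' => 'post_date DESC',
);

// --- Vulnerable shape (second-order): the raw request value is stored without validation... ---
function mlf_demo_store_sort_type_unsafe() {
    update_option( 'mlf_demo_sort_type', $_POST['sort_type'] );
}
// ...and concatenated into SQL on a later page load, long after the original request.
function mlf_demo_query_unsafe( $folder_id ) {
    global $wpdb;
    $sort = get_option( 'mlf_demo_sort_type' );
    return $wpdb->get_results(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_parent = " . (int) $folder_id .
        " ORDER BY " . $sort // attacker-controlled fragment reaches the query
    );
}

// --- Hardened shape ---
function mlf_demo_normalize_sort_type( $value ) {
    $key = sanitize_key( (string) $value );
    return array_key_exists( $key, MLF_DEMO_SORT_TYPES ) ? $key : 'name_asc';
}

function mlf_demo_change_sort_type() {
    check_ajax_referer( 'mlf_demo_nonce', 'nonce' );      // CSRF protection on the AJAX action
    if ( ! current_user_can( 'upload_files' ) ) {         // tighter than "any logged-in user"
        wp_send_json_error( 'forbidden', 403 );
    }
    $key = mlf_demo_normalize_sort_type( $_POST['sort_type'] ?? '' );
    update_option( 'mlf_demo_sort_type', $key );           // only an allow-listed key is stored
    wp_send_json_success( array( 'sort_type' => $key ) );
}
add_action( 'wp_ajax_mlf_demo_change_sort_type', 'mlf_demo_change_sort_type' );

function mlf_demo_query_safe( $folder_id ) {
    global $wpdb;
    // Re-validate at use time: stored data is not trusted either, which closes the second-order path.
    $order_by = MLF_DEMO_SORT_TYPES[ mlf_demo_normalize_sort_type( get_option( 'mlf_demo_sort_type' ) ) ];
    return $wpdb->get_results( $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_parent = %d ORDER BY $order_by", $folder_id ) );
}
```

Re-validating at the point of use, not only at the AJAX handler, is what matters for a second-order flaw: a value written to the database before the fix shipped is still rejected when it is read back.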


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2024-08-15T17:30:44.761Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 699f6c20b7ef31ef0b56035f

Added to database: 2/25/2026, 9:39:44 PM

Last enriched: 2/26/2026, 3:50:18 AM

Last updated: 2/26/2026, 11:22:12 AM
