Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Wordpress wpdb SQL injection attempt

Rule Explanation

This event is generated when an attempt of perform an SQL injection to the Wordpress database, is detected Impact: Web Application Attack Details: This SQL injection is triggered when the $wpdb->prepare method, that Wordpress uses to send SQL queries to its database, receives a set of characters that can lead to the creation of unsafe queries and then allow the injection of unwanted data into the database. Ease of Attack: Medium since it requires an authenticated user to trigger the attack

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives


Cisco Talos Intelligence Group

Rule Groups

No rule groups


Additional Links

Rule Vulnerability

CVE Additional Information

WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.
Severity Base Score9.8
Impact Score5.9 Exploit Score3.9
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Access Vector
Authentication Ease of Access