The Codemstory 워드프레스 결제 심플페이 plugin contains a critical SQL injection vulnerability that allows unauthenticated attackers to compromise sensitive database information.

This is an unauthenticated SQL injection vulnerability where the plugin fails to sanitize user-supplied input before including it in database queries. An attacker can craft malicious requests to extract, modify, or delete data from the WordPress database without requiring any authentication.

A successful exploit poses a severe risk to data integrity and confidentiality, potentially leading to a full database compromise. With a CVSS score of 9.3, this flaw is categorized as critical, as it allows attackers to bypass standard access controls to exfiltrate customer payment information or administrative credentials.

Immediate Action: Update the 워드프레스 결제 심플페이 plugin to the latest available version provided by Codemstory.

Proactive Monitoring: Review web server and database logs for anomalous SQL syntax, such as UNION statements or unexpected character patterns, originating from unauthenticated sessions.

Compensating Controls: Deploy a Web Application Firewall (WAF) with updated rulesets to detect and block common SQL injection payloads targeting WordPress plugins.

Public Exploit Available: No

Given the critical nature of this SQL injection vulnerability, immediate patching is required to prevent unauthorized database access. Administrators should prioritize updating the plugin across all affected WordPress environments to mitigate the risk of data exfiltration.