CVE-2021-24132

Name of the Vulnerable Software and Affected Versions: The Slider by 10Web WordPress plugin versions prior to 1.2.36

Description: The issue allows a high privileged user, such as an Admin, or a medium privileged user, like Contributor+, to perform SQL Injection attacks if "Role Options" is turned on for other users. This is due to vulnerabilities in the bulk action, export full, and save slider db functionalities of the plugin.

Recommendations: For versions prior to 1.2.36, update to version 1.2.36 or later to resolve the issue. As a temporary workaround, consider restricting access to the bulk action, export full, and save slider db functionalities until a patch is applied. Additionally, review and restrict "Role Options" for non-admin users to minimize the risk of exploitation.