CVE-2021-24337

Name of the Vulnerable Software and Affected Versions Video Embed WordPress plugin versions 1.0 and earlier

Description The issue concerns the id GET parameter in one of the Video Embed WordPress plugin's pages, which is accessible via forced browsing. This parameter is not sanitized, validated, or escaped before being used in a SQL statement, allowing low-privilege users, such as subscribers, to perform SQL injection.

Recommendations For Video Embed WordPress plugin versions 1.0 and earlier, consider disabling the vulnerable page or restricting access to it until a patch is available. Avoid using the id GET parameter in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.