CVE-2021-24360

Name of the Vulnerable Software and Affected Versions Yes/No Chart WordPress plugin versions prior to 1.0.12

Description The issue allows medium privilege users, specifically those with contributor or higher privileges, to perform Blind SQL Injection attacks due to the lack of sanitization of the sid shortcode parameter before its use in a SQL statement.

Recommendations For versions prior to 1.0.12, update to version 1.0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the shortcode that utilizes the sid parameter to minimize the risk of exploitation.