CVE-2021-24361

Name of the Vulnerable Software and Affected Versions Location Manager WordPress plugin versions prior to 2.1.0.10

Description The issue arises from the AJAX action gd popular location list not properly sanitizing or validating some of its POST parameters, which are then used in a SQL statement. This leads to unauthenticated SQL Injection issues.

Recommendations For versions prior to 2.1.0.10, update to version 2.1.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the gd popular location list AJAX action to minimize the risk of exploitation.