PT-2021-15929 · WordPress · Gseor – Wordpress Seo Plugin

Syed Sheeraz Ali · Published 2021-09-20 · Updated 2021-09-28 · CVE-2021-24396

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GSEOR – WordPress SEO Plugin versions through 1.3

Description

The issue arises from the pageid GET parameter not being sanitised, escaped, or validated before being inserted into a SQL statement, leading to SQL injection. This allows for potential manipulation of database queries.

Recommendations

For GSEOR – WordPress SEO Plugin versions through 1.3, consider disabling the pageid GET parameter until a patch is available to prevent SQL injection attacks. Restrict access to SQL queries to minimize the risk of exploitation. Avoid using the pageid parameter in affected API endpoints until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-24396

Affected Products

Gseor – Wordpress Seo Plugin