CVE-2021-24451

Name of the Vulnerable Software and Affected Versions Export Users With Meta WordPress plugin versions prior to 0.6.5

Description The issue concerns an authenticated SQL Injection in the export functionality of the plugin, which is available to admins. This occurs because the list of roles to export is not properly escaped before being used in a SQL statement.

Recommendations For versions prior to 0.6.5, update to version 0.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the export functionality to minimize the risk of exploitation.