CVE-2021-24458

Name of the Vulnerable Software and Affected Versions Popup box WordPress plugin versions prior to 2.3.4

Description The issue arises from the get ays popupboxes() and get popup categories() functions not validating the orderby parameter before using it in SQL statements, leading to SQL injection issues in the admin dashboard. This allows for potential manipulation of database queries.

Recommendations For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard to minimize the risk of exploitation.