PT-2021-16020 · WordPress · Giveaway

Mesut Cetin

·

Published

2021-08-23

·

Updated

2021-08-30

·

CVE-2021-24497

CVSS v3.1

7.2

High

Vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Giveaway WordPress plugin, versions 1.2.2 and earlier
Description: The plugin uses the $post id parameter in a SQL statement on its "options.php" page without sanitising or escaping it, so an authenticated administrative user can execute arbitrary SQL commands against the site database. This is an SQL Injection issue. Because exploitation requires administrator privileges (PR:H in the vector above), the realistic threat is a compromised, phished or untrusted administrator account rather than an anonymous attacker.
Recommendations: For Giveaway WordPress plugin versions 1.2.2 and earlier, update to a version later than 1.2.2 to resolve the issue. As a temporary workaround, restrict access to the plugin's "options.php" page to the smallest set of trusted administrators to reduce exposure, and review administrator accounts and access logs for unexpected requests to that page. For plugin maintainers, the durable fix is to cast the ID to an integer and bind it through a prepared statement ($wpdb->prepare() with a %d placeholder) instead of concatenating it into the query.
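The following is an added illustration of the bug class described above, written for this page; it is not the Giveaway plugin's actual code. It assumes a hypothetical admin page that loads a giveaway configuration row by post ID from a custom table, and the table name, function names and the request parameter name post_id are invented for the example. The vulnerable form shows how an integer parameter concatenated into SQL becomes an injection point; the hardened form shows the capability check, the nonce, the integer cast and the prepared statement a maintainer would use.

```php
<?php
/**
 * Added example (not the Giveaway plugin's real code): the same lookup
 * written in the vulnerable pattern and in the hardened pattern.
 *
 * Assumptions (hypothetical, for illustration only):
 *   - a custom table {$wpdb->prefix}giveaway_options with a post_id column
 *   - the page reads the ID from a GET parameter named post_id
 */

// VULNERABLE PATTERN: the request parameter is concatenated straight into
// the SQL string. A value such as  1 OR 1=1  or  1 UNION SELECT ...  changes
// the meaning of the query, which is an authenticated SQL injection of the
// kind described above.
function giveaway_example_load_options_vulnerable() {
    global $wpdb;

    $post_id = $_GET['post_id'];  // untrusted and unsanitised
    $sql = "SELECT * FROM {$wpdb->prefix}giveaway_options WHERE post_id = " . $post_id;

    return $wpdb->get_row( $sql );
}

// HARDENED PATTERN:
//  1. require the capability the page is intended for, so the handler is
//     only reachable by the administrators it is meant for;
//  2. require a nonce, so a crafted link cannot drive the page through an
//     administrator's browser;
//  3. coerce the ID to a non-negative integer with absint();
//  4. bind it with $wpdb->prepare() and a %d placeholder, so the value is
//     always treated as data and never as SQL.
function giveaway_example_load_options_fixed() {
    global $wpdb;

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( __( 'You do not have permission to view this page.' ) );
    }
    check_admin_referer( 'giveaway_example_options' );

    $post_id = isset( $_GET['post_id'] ) ? absint( $_GET['post_id'] ) : 0;
    if ( 0 === $post_id ) {
        return null;  // no valid ID supplied; nothing to look up
    }

    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}giveaway_options WHERE post_id = %d",
        $post_id
    );

    return $wpdb->get_row( $sql );
}
```

The integer cast alone would already defeat injection for this particular parameter, but binding through $wpdb->prepare() is the habit that survives later edits (for example when the column becomes a string or a second parameter is added), and the capability and nonce checks are what the "restrict access to options.php" workaround above amounts to in code.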

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-24497

Affected Products

Giveaway