CVE-2021-24627

Name of the Vulnerable Software and Affected Versions The G Auto-Hyperlink WordPress plugin versions 1.0.0 through 1.0.1

Description The issue is related to an authenticated SQL injection. The id GET parameter is not properly sanitized or escaped before being used in a SQL statement to select data for display in the admin dashboard. This leads to an authenticated SQL injection.

Recommendations For versions 1.0.0 through 1.0.1, as a temporary workaround, consider restricting access to the admin dashboard until a patch is available. Avoid using the id GET parameter in the affected SQL statement until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.