CVE-2021-24629

Name of the Vulnerable Software and Affected Versions Post Content XMLRPC WordPress plugin version 1.0

Description The issue concerns an authenticated SQL injection. It occurs because the plugin does not properly sanitise or escape multiple GET and POST parameters, such as username and password, before using them in SQL statements in the admin dashboard. This allows an attacker to inject malicious SQL code.

Recommendations For Post Content XMLRPC WordPress plugin version 1.0, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the admin dashboard to minimize the risk of authenticated SQL injection attacks. Avoid using vulnerable parameters in SQL statements until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.