CVE-2021-24747

Name of the Vulnerable Software and Affected Versions: SEO Booster WordPress plugin versions prior to 3.8

Description: The issue allows for authenticated SQL injection via the "fn my ajaxified dataloader ajax" AJAX request. The $ REQUEST['order'][0]['dir'] parameter is not properly escaped, leading to blind and error-based SQL injections.

Recommendations: For versions prior to 3.8, update to version 3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "fn my ajaxified dataloader ajax" AJAX request until the update is applied. Avoid using the $ REQUEST['order'][0]['dir'] parameter in the affected AJAX endpoint until the issue is resolved.