CVE-2021-24848

Name of the Vulnerable Software and Affected Versions: Mediamatic WordPress plugin versions prior to 2.8.1

Description: The issue concerns the mediamaticAjaxRenameCategory AJAX action, which is accessible to any authenticated user. It fails to sanitize the categoryID parameter before using it in a SQL statement, leading to an SQL injection.

Recommendations: For versions prior to 2.8.1, update to version 2.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the mediamaticAjaxRenameCategory AJAX action to minimize the risk of exploitation.