CVE-2021-24877

Name of the Vulnerable Software and Affected Versions: MainWP Child WordPress plugin versions prior to 4.1.8

Description: The issue concerns an SQL injection that occurs due to the lack of validation of the orderby and order parameters before they are used in a SQL statement. This can be exploited by high-privilege users, such as admins, when a specific plugin, Backup and Staging by WP Time Capsule, is installed.

Recommendations: For versions prior to 4.1.8, update to version 4.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the orderby and order parameters in SQL statements until the update is applied.