CVE-2021-39351

Name of the Vulnerable Software and Affected Versions: WP Bannerize WordPress plugin versions 2.0.0 through 4.0.2

Description: The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file, which allows attackers to exfiltrate sensitive information from vulnerable sites.

Recommendations: For versions 2.0.0 through 4.0.2, as a temporary workaround, consider restricting access to the ~/Classes/wpBannerizeAdmin.php file or disabling the use of the id parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.