CVE-2021-24769

Name of the Vulnerable Software and Affected Versions Permalink Manager Lite WordPress plugin versions prior to 2.2.13.1

Description The issue is related to the failure to validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection. This could allow a remote attacker to execute arbitrary SQL code.

Recommendations For Permalink Manager Lite WordPress plugin versions prior to 2.2.13.1, update to version 2.2.13.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Permalink Manager page to minimize the risk of exploitation. Avoid using the orderby parameter in the affected page until the issue is resolved.