CVE-2021-24952

Name of the Vulnerable Software and Affected Versions Conversios.io WordPress plugin versions prior to 4.6.2

Description The issue allows any authenticated user to perform SQL injection attacks due to the lack of sanitization, validation, and escaping of the sync progressive data parameter for the "tvcajax product sync bantch wise" AJAX action, which is then used in a SQL statement.

Recommendations For versions prior to 4.6.2, update to version 4.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "tvcajax product sync bantch wise" AJAX action to minimize the risk of exploitation. Avoid using the sync progressive data parameter in the affected AJAX endpoint until the issue is resolved.