CVE-2024-11009

Name of the Vulnerable Software and Affected Versions Internal Linking for SEO traffic & Ranking – Auto internal links plugin for WordPress versions up to 1.2.1

Description The issue is related to a time-based SQL Injection vulnerability via the post id parameter. This vulnerability is caused by insufficient escaping on the user-supplied parameter and a lack of sufficient preparation on the existing SQL query. As a result, authenticated attackers with Administrator-level access and above can append additional SQL queries to existing queries, potentially extracting sensitive information from the database.

Recommendations For versions up to 1.2.1, update to a version higher than 1.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the post id parameter to minimize the risk of exploitation. At the moment, there is no information about additional mitigation measures.