PT-2024-18469 · WordPress · Wpvivid

Denis Werner · Published 2024-02-29 · Updated 2025-01-16 · CVE-2024-1981

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress version 0.9.68

Description: The issue arises from insufficient escaping of the user-supplied table prefix parameter and from a lack of sufficient preparation of the existing SQL query, making it possible for unauthenticated attackers to append additional SQL queries to already existing queries. This can be used to extract sensitive information from the database.

Recommendations: For version 0.9.68, consider disabling the table prefix parameter until a patch is available to prevent SQL injection attacks. Restrict access to sensitive database information to minimize the risk of exploitation. Avoid using the table prefix parameter in existing SQL queries until the issue is resolved.
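The following is an added illustration of the bug class named in the description, not WPvivid's own code: a caller-supplied table prefix concatenated straight into a query, beside a hardened form that whitelists the identifier and prepares the value. The function names, the use of the `options` table and the `$wpdb` calls are assumptions for the illustration.

```php
<?php
// Added illustration (not the plugin's code). A table prefix is an SQL
// identifier, so it cannot be bound as a query parameter the way a value
// can; the only safe handling is to validate it against a strict whitelist
// before it ever reaches the query string.

// Vulnerable pattern: the prefix is interpolated unescaped into the
// identifier position, and the value is not prepared either.
function lookup_option_unsafe( $wpdb, $prefix, $option_name ) {
    $sql = "SELECT option_value FROM {$prefix}options WHERE option_name = '{$option_name}'";
    return $wpdb->get_var( $sql );
}

// A WordPress table prefix only ever consists of letters, digits and
// underscores; anything else (quotes, spaces, comment markers) is rejected.
function validate_table_prefix( $prefix ) {
    if ( ! is_string( $prefix ) || ! preg_match( '/^[A-Za-z0-9_]{1,40}$/', $prefix ) ) {
        return null; // refuse rather than try to "clean" the input
    }
    return $prefix;
}

// Hardened form: gate the handler on a capability, whitelist the identifier,
// and pass the value through $wpdb->prepare() instead of string concatenation.
function lookup_option_safe( $wpdb, $prefix, $option_name ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return null; // the advisory's issue was reachable unauthenticated
    }
    $prefix = validate_table_prefix( $prefix );
    if ( null === $prefix ) {
        return null;
    }
    $table = '`' . $prefix . 'options`'; // identifier, already whitelisted
    $sql   = $wpdb->prepare(
        "SELECT option_value FROM {$table} WHERE option_name = %s",
        $option_name
    );
    return $wpdb->get_var( $sql );
}
```

Prefer reading the prefix from `$wpdb->prefix` where the plugin can, so that no request parameter is trusted for an identifier at all.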

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2024-1981

Affected Products: Wpvivid