CVE-2024-47334

Name of the Vulnerable Software and Affected Versions Zoho Flow for WordPress versions 2.7.1 and earlier

Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability allows for SQL Injection in Zoho Flow for WordPress. There is a risk of unauthenticated remote code execution.

Recommendations For versions 2.7.1 and earlier, update to a version later than 2.7.1 to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to sensitive database elements until a patch is applied. Avoid using user-supplied input in SQL commands to minimize the risk of SQL Injection.