PT-2024-33564 · Unknown · Brandon White Author Discussion

João Pedro S Alcântara · Published 2024-10-20 · Updated 2024-10-24 · CVE-2024-49609

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Brandon White Author Discussion versions 0.2.2 and earlier

Description

The plugin is affected by an SQL Injection vulnerability, specifically a Blind SQL Injection, caused by improper neutralization of special elements used in an SQL command. This allows an attacker to potentially compromise data. The estimated number of affected devices is not specified.

Recommendations

For versions 0.2.2 and earlier, update the plugin to the latest patched version immediately to mitigate the risk of data compromise. As a temporary workaround, consider restricting access to sensitive data until the update is applied.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-49609

Affected Products

Brandon White Author Discussion