CVE-2024-6926

Name of the Vulnerable Software and Affected Versions Viral Signup WordPress plugin versions 2.1 and earlier

Description The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Recommendations For Viral Signup WordPress plugin versions 2.1 and earlier, as a temporary workaround, consider disabling the AJAX action until a patch is available. Restrict access to the vulnerable parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.