CVE-2024-13844

Name of the Vulnerable Software and Affected Versions Post SMTP plugin for WordPress versions up to and including 3.1.2

Description The issue allows authenticated attackers with Administrator-level access and above to perform generic SQL Injection via the columns parameter due to insufficient escaping and lack of preparation on the existing SQL query. This enables attackers to append additional SQL queries to extract sensitive information from the database.

Recommendations For Post SMTP plugin for WordPress versions up to and including 3.1.2, consider updating to a version that includes a fix for this issue, as no specific workaround is provided for these versions. As a temporary mitigation measure, restrict access to the columns parameter to minimize the risk of exploitation.