CVE-2024-12613

Name of the Vulnerable Software and Affected Versions Passwords Manager plugin for WordPress versions 1.4.8 and earlier

Description The issue is related to SQL Injection via the $wpdb->prefix value in several AJAX functions due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This allows unauthenticated attackers to append additional SQL queries into already existing queries, which can be used to extract sensitive information from the database.

Recommendations For versions 1.4.8 and earlier, update to a version that includes a fix for this issue, as the current version allows for SQL Injection attacks due to insufficient input validation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.