CVE-2024-6809

Name of the Vulnerable Software and Affected Versions: The Simple Video Directory WordPress plugin versions prior to 1.4.3

Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Recommendations: For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action to prevent unauthenticated users from exploiting the SQL injection vulnerability.