CVE-2024-13726

Name of the Vulnerable Software and Affected Versions Coder WordPress plugin versions 1.3.4 and earlier

Description The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Recommendations For versions 1.3.4 and earlier, update to a version that properly sanitises and escapes parameters used in SQL statements. As a temporary workaround, consider restricting access to the AJAX action to authenticated users only until a patch is available.