Secure Your Database from SQL Injection Vulnerabilities
CVE-2024-8621
6.5MEDIUM
What is CVE-2024-8621?
The Daily Prayer Time plugin for WordPress has a security flaw allowing SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode. This vulnerability arises from inadequate escaping of user-supplied parameters and insufficient preparation of existing SQL queries. Authenticated attackers with Contributor-level access or higher can exploit this issue to inject additional SQL queries. The exploitation may lead to unauthorized access to sensitive data stored within the database, putting user and site information at risk. Immediate action is advised to mitigate potential exploits.