CVE-2021-24151: 
WordPress vulnerability analysis and mitigation

The WP Editor WordPress plugin before version 1.2.7 was identified with a security vulnerability tracked as CVE-2021-24151. The vulnerability was discovered by Nguyen Van Khanh from Sun* Cyber Security Research and was publicly disclosed on February 1, 2021. This security issue affects the plugin's settings functionality, specifically impacting WordPress installations running WP Editor versions prior to 1.2.7 (WPScan).

The vulnerability is classified as a blind SQL injection (CWE-89) that occurs due to improper sanitization and validation of setting fields. The issue manifests when making requests to save settings through an arbitrary parameter. The vulnerability has received a CVSS v3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility with high privileges required (NVD).

The successful exploitation of this vulnerability could allow an authenticated user with administrative privileges to perform SQL injection attacks, potentially leading to unauthorized access to or modification of the database content. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability has been patched in WP Editor version 1.2.7. Website administrators running affected versions should immediately upgrade to version 1.2.7 or later to mitigate this security risk (WPScan).