CVE-2021-24303: 
WordPress vulnerability analysis and mitigation

CVE-2021-24303 is a SQL injection vulnerability discovered in the JiangQie Official Website Mini Program WordPress plugin versions before 1.1.1. The vulnerability was identified on January 14, 2021, and affects the plugin's feedback management functionality (CVE Mitre, WPScan).

The vulnerability stems from improper handling of the 'id' GET parameter in the plugin's admin interface. When processing feedback details, the plugin directly uses the unvalidated and unescaped 'id' parameter in SQL statements, making it susceptible to SQL injection attacks. The vulnerability has been assigned a CVSS score of 9.0 (Critical) and is classified under CWE-89 (SQL Injection) (WPScan).

If exploited, this vulnerability could allow authenticated attackers to manipulate SQL queries, potentially leading to unauthorized access to the database, data manipulation, or deletion of records. An attacker with admin access could execute arbitrary SQL commands, including the ability to delete all feedback records (WPScan).

The vulnerability has been patched in version 1.1.1 of the JiangQie Official Website Mini Program plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).