CVE-2021-24393: 
WordPress vulnerability analysis and mitigation

The Comment Highlighter WordPress plugin through version 0.13 contains a SQL injection vulnerability identified as CVE-2021-24393. The vulnerability was discovered by Syed Sheeraz Ali of Codevigilant and was first identified on May 9, 2021. The issue affects the plugin's handling of the 'c' GET parameter, which is not properly sanitized before being used in database queries (CodeVigilant, WPScan).

The vulnerability exists in the admin/section/swiftbook-add-email-templates.php file at line 30, specifically in the comment_highlighter.php file at line 252. The issue stems from an unsanitized GET parameter 'c' being directly inserted into a SQL query. The vulnerability has been assigned a CVSS score of 6.7 (medium) and is classified as CWE-89 (SQL Injection). Administrator-level access is required to exploit this vulnerability (CodeVigilant, WPScan).

If exploited, this vulnerability could allow an authenticated administrator to perform SQL injection attacks against the WordPress database, potentially leading to unauthorized data access or manipulation (WPScan).

As of the disclosure, there is no known fix for this vulnerability. The plugin was closed on June 10, 2021, following the vulnerability disclosure (CodeVigilant).