CVE-2021-24395: 
WordPress vulnerability analysis and mitigation

CVE-2021-24395 affects the Embed Youtube Video WordPress plugin through version 1.0. The vulnerability was discovered by Syed Sheeraz Ali of Codevigilant and was first identified on May 9, 2021, with public disclosure occurring on July 23, 2021. The issue was assigned a CVE on June 10, 2021, the same day the plugin was closed (CodeVigilant).

The vulnerability is classified as an SQL injection (SQLI) with a CVSS score of 6.7 (medium severity). The issue exists in the editid GET parameter of the plugin, which is not properly sanitized, escaped, or validated before being inserted into SQL statements. The vulnerable code is located in options.php line 65, where user input is directly concatenated into an SQL query (WPScan, CodeVigilant).

This SQL injection vulnerability could allow authenticated users with administrator access to execute arbitrary SQL commands against the WordPress database, potentially leading to unauthorized data access or manipulation (WPScan).

As of the vulnerability disclosure, there is no known fix available for this issue. The plugin has been closed since June 10, 2021. Users are advised to remove the plugin and find alternative solutions for embedding YouTube videos (WPScan).