CVE-2021-24398: 
WordPress vulnerability analysis and mitigation

The Responsive 3D Slider WordPress plugin through version 1.2 contains an SQL injection vulnerability (CVE-2021-24398) discovered by Syed Sheeraz Ali of Codevigilant. The vulnerability was publicly disclosed on August 22, 2021, and affects the Add new scene functionality in the plugin (WPScan, CodeVigilant).

The vulnerability exists in the Add new scene functionality where the 'id' parameter is not properly sanitized, escaped, or validated before being inserted into SQL statements. This is a time-based SQL injection vulnerability, and the vulnerable parameter is passed twice in the same function, resulting in doubled execution time for injected delays. The vulnerability has been assigned a CVSS score of 6.7 (medium) and is classified under CWE-89 (WPScan).

When successfully exploited, this vulnerability could allow authenticated attackers with administrator privileges to execute arbitrary SQL commands against the WordPress database, potentially leading to unauthorized data access, modification, or deletion of database contents (CodeVigilant).

No known fix has been released for this vulnerability. Users of the Responsive 3D Slider plugin (morpheus-slider) should consider either removing the plugin or implementing additional security controls to restrict access to the vulnerable functionality (WPScan).