CVE-2021-24457: 
WordPress vulnerability analysis and mitigation

The Portfolio Responsive Gallery WordPress plugin versions prior to 1.1.8 contained an authenticated SQL injection vulnerability (CVE-2021-24457). The vulnerability was discovered and publicly disclosed on June 29, 2021, affecting the plugin's admin dashboard functionality (WPScan).

The vulnerability exists in the get_portfolios() and get_portfolio_attributes() functions within the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files. The issue stems from insufficient validation of the orderby parameter before its use in SQL statements passed to the get_results() DB calls. The vulnerability has been assigned a CVSS score of 7.6 (High) and is classified as a SQL Injection (CWE-89) vulnerability (WPScan).

When exploited, this vulnerability could allow authenticated attackers to perform SQL injection attacks against the WordPress database, potentially leading to unauthorized access to sensitive data or manipulation of database contents (WPScan).

The vulnerability has been patched in version 1.1.8 of the Portfolio Responsive Gallery plugin. Users are advised to update to this version or later to protect against potential exploitation (WPScan).