CVE-2021-24497: 
WordPress vulnerability analysis and mitigation

The Giveaway WordPress plugin through version 1.2.2 contains an SQL Injection vulnerability (CVE-2021-24497). The vulnerability was discovered by Mesut Cetin and was publicly disclosed on July 20, 2021. This security issue affects the WordPress plugin 'Giveaway' and specifically impacts administrative users who have access to the plugin's settings page (WPScan).

The vulnerability is classified as an SQL Injection (SQLI) issue with a CVSS score of 8.2 (high severity). It is categorized under OWASP Top 10 A1: Injection and CWE-89. The vulnerability specifically allows an administrative user to execute arbitrary SQL commands via the $post_id parameter on the options.php page (WPScan).

When exploited, this vulnerability allows authenticated administrative users to execute arbitrary SQL commands on the affected WordPress installation's database. This could potentially lead to unauthorized data access, manipulation, or corruption of the database (WPScan).

As of the last update, there is no known fix available for this vulnerability. Users of the Giveaway plugin version 1.2.2 or lower should consider either removing the plugin or implementing additional security measures to restrict access to the plugin's settings page (WPScan).