
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-24507 is an SQL injection vulnerability in the Astra Pro Addon WordPress plugin, affecting versions below 3.5.2. It was publicly disclosed on July 8, 2021 and lies in the plugin's pagination functionality. The issue stems from improper sanitization of POST parameters handled by the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions, which are reachable by both authenticated and unauthenticated users (WPScan).
The root cause is that the POST parameters received by the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions are neither sanitized nor escaped before being used in SQL statements, so attacker-controlled input can alter the structure of the query rather than being treated as data. The vulnerability has been assigned a CVSS score of 8.6 (High). It falls under OWASP Top 10 category A1: Injection and is classified as CWE-89, Improper Neutralization of Special Elements used in an SQL Command (WPScan, Patchstack).
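The following Python script is an added example, not code from the Astra Pro Addon or from the WPScan or Patchstack advisories. It models the flaw class described above with a hypothetical pagination handler over an in-memory SQLite database: the table layout, the rows, the parameter names post_type, page and per_page, and the attacker payload are all constructed for this example, and the plugin's real parameters and queries are not reproduced here. The vulnerable handler pastes POST values into the SQL text; the hardened one binds the string as a parameter and casts and bounds the numbers, which is the job $wpdb->prepare() and absint() do in a WordPress plugin.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for a WordPress database.

    The schema is cut down and every row is made up for this example; nothing
    here comes from the plugin or from a real site.
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE posts (ID INTEGER PRIMARY KEY, post_title TEXT,
                            post_type TEXT, post_status TEXT);
        CREATE TABLE users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        INSERT INTO posts VALUES
            (1, 'Hello world',   'post',    'publish'),
            (2, 'Private draft', 'post',    'draft'),
            (3, 'Second post',   'post',    'publish'),
            (4, 'Blue widget',   'product', 'publish');
        INSERT INTO users VALUES (1, 'admin', '$P$BmadeUpHashForTheExample000000');
    """)
    return conn


def vulnerable_pagination(conn, post):
    """Hypothetical AJAX handler showing the flaw class from the advisory:
    values taken from the POST body are pasted straight into the SQL text,
    so whoever sends the request controls part of the statement."""
    post_type = post.get("post_type", "post")
    page = post.get("page", "1")
    per_page = post.get("per_page", "2")
    sql = (
        "SELECT ID, post_title FROM posts "
        f"WHERE post_status = 'publish' AND post_type = '{post_type}' "
        f"ORDER BY ID LIMIT {per_page} OFFSET ({page} - 1) * {per_page}"
    )
    return conn.execute(sql).fetchall()


def safe_int(value, default):
    """Cast a request value to int, falling back to a default on junk input
    (roughly what absint() does in WordPress; the clamp happens in the caller)."""
    try:
        return int(str(value))
    except (TypeError, ValueError):
        return default


def hardened_pagination(conn, post):
    """Same query, hardened: the string travels as a bound parameter (the
    role $wpdb->prepare() plays in WordPress) and the numbers are cast and
    bounded before use, so request data can never change the SQL structure."""
    post_type = str(post.get("post_type", "post"))
    page = max(1, safe_int(post.get("page"), 1))
    per_page = min(100, max(1, safe_int(post.get("per_page"), 2)))
    sql = (
        "SELECT ID, post_title FROM posts "
        "WHERE post_status = 'publish' AND post_type = ? "
        "ORDER BY ID LIMIT ? OFFSET ?"
    )
    return conn.execute(sql, (post_type, per_page, (page - 1) * per_page)).fetchall()


# Constructed attacker input: closes the string literal, appends a UNION that
# reads the users table, and comments out the remainder of the original query.
UNION_PAYLOAD = {
    "post_type": "' UNION SELECT user_login, user_pass FROM users -- ",
    "page": "1",
    "per_page": "2",
}


if __name__ == "__main__":
    db = make_db()
    normal = {"post_type": "post", "page": "1", "per_page": "2"}
    print("normal request      :", vulnerable_pagination(db, normal))
    print("vulnerable + payload:", vulnerable_pagination(db, UNION_PAYLOAD))
    print("hardened + payload  :", hardened_pagination(db, UNION_PAYLOAD))
```

Against the vulnerable handler the payload returns the admin login and password hash instead of post rows; against the hardened handler the same payload is matched literally as a post_type and returns nothing. Because a WordPress AJAX action registered for unauthenticated users is reachable by any visitor, the hardened form is the only safe shape for a handler like this, regardless of nonce or capability checks elsewhere.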
Because the affected AJAX actions are exposed to unauthenticated as well as authenticated users, any visitor to an affected site can attempt SQL injection against it. Successful exploitation could lead to unauthorized access to the database, theft of its contents, and manipulation of stored data (Patchstack).
The vulnerability has been patched in Astra Pro Addon version 3.5.2. Website administrators are strongly advised to update to this version or later. No alternative workaround has been published, so a site running an affected version should be treated as exposed until the update is applied (WPScan).
Source: This report was generated using AI