CVE-2021-24629: 
WordPress vulnerability analysis and mitigation

The Post Content XMLRPC WordPress plugin through version 1.0 contains a SQL injection vulnerability (CVE-2021-24629) that affects authenticated users with administrator privileges. The vulnerability was discovered by Shreya Pohekar of Codevigilant Project and was publicly disclosed on October 7, 2021 (WPScan, CodeVigilant).

The vulnerability exists due to improper sanitization of multiple GET/POST parameters in the admin dashboard before using them in SQL statements. Specifically, the edit site functionality takes a GET parameter 'id' that is directly inserted into SQL queries without proper validation or escaping. The vulnerable code is located in list_sites.php on line 103. The CVSS score for this vulnerability is 7.6 (High), and it is classified as an SQL Injection vulnerability under OWASP Top 10 category A1: Injection and CWE-89 (WPScan).

An authenticated attacker with administrator privileges can execute arbitrary SQL queries against the WordPress database, potentially leading to unauthorized data access, modification, or deletion of database contents (CodeVigilant).

There is no known fix for this vulnerability as the plugin has been closed. Users are advised to remove the plugin from their WordPress installations (WPScan).