CVE-2021-24866: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2021-24866 affects the WP Data Access WordPress plugin versions before 5.0.0. The vulnerability was discovered by ZhongFu Su(JrXnm) of Wuhan University and was publicly disclosed on November 8, 2021. This security flaw exists in the plugin's backup functionality where the backup_date parameter is not properly sanitized and escaped before being used in SQL statements (WPScan, CVE Mitre).

The vulnerability is classified as a SQL Injection (SQLI) issue, falling under the OWASP Top 10 category A1: Injection and CWE-89. It has been assigned a CVSS score of 8.7 (High), indicating its serious nature. The technical issue stems from improper sanitization and escaping of the backup_date parameter in SQL statements, which could potentially lead to arbitrary table deletion (WPScan).

The exploitation of this vulnerability could allow attackers to perform arbitrary table deletion in the database, potentially leading to data loss and system compromise (WPScan).

The vulnerability has been fixed in version 5.0.0 of the WP Data Access plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).