
Cloud Vulnerability DB
A community-led vulnerabilities database
The WP Fastest Cache WordPress plugin before version 0.9.5 contains a SQL injection vulnerability (CVE-2021-24869) that affects the set_urls_with_terms method. The vulnerability allows low-privilege users, such as subscribers, to perform SQL injection attacks due to improper escaping of user input before its use in SQL statements (Jetpack Blog, WPScan).
The vulnerability exists in the set_urls_with_terms method where user input is directly concatenated into SQL queries without proper sanitization. The issue is exploitable when the classic-editor plugin is installed and activated. The vulnerability received a CVSS v3.1 score of 8.8 (HIGH) and is classified under CWE-89 (SQL Injection) (Jetpack Blog, NVD).
If successfully exploited, attackers could gain access to privileged information from the affected site's database, including usernames and hashed passwords. Exploitation requires only an authenticated account with low-level privileges (Malwarebytes, Jetpack Blog).
Website owners are strongly advised to update to WP Fastest Cache version 0.9.5 or later, which contains the fix for this vulnerability. At the time of the initial disclosure, approximately 650,000 instances were still running vulnerable versions (Malwarebytes).
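To find installs that still need the update, the following added example (not code from the plugin or from the cited sources) reads the plugin's Version header and compares it numerically against 0.9.5. The slug wp-fastest-cache, the main file name wpFastestCache.php and the slug classic-editor are assumptions about the on-disk layout, and the sample directories are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

FIXED = (0, 9, 5)  # first fixed release named in the advisory
# Assumed on-disk layout (not stated on the page): plugin slug and main file.
MAIN_FILE = Path("wp-fastest-cache") / "wpFastestCache.php"
CLASSIC_EDITOR = "classic-editor"  # assumed slug of the classic-editor plugin

def parse_version(header_text):
    """Return the 'Version:' header value as a tuple of ints, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", header_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """True when version < 0.9.5, compared numerically so 0.9.10 > 0.9.5."""
    width = max(len(version), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(FIXED)

def audit(plugins_dir):
    """Report WP Fastest Cache exposure for one wp-content/plugins directory."""
    root = Path(plugins_dir)
    result = {"installed": False, "version": None, "vulnerable": False,
              "classic_editor_present": (root / CLASSIC_EDITOR).is_dir()}
    main = root / MAIN_FILE
    if not main.is_file():
        return result
    with main.open("r", encoding="utf-8", errors="replace") as fh:
        version = parse_version(fh.read(8192))  # header sits at the top of the file
    result.update(installed=True, version=version,
                  # None means the header was unreadable: review by hand.
                  vulnerable=None if version is None else is_vulnerable(version))
    return result

def make_sample(root, version, classic_editor):
    """Build a constructed plugins directory for the demo (not real plugin code)."""
    main = Path(root) / MAIN_FILE
    main.parent.mkdir(parents=True)
    main.write_text(f"<?php\n/*\nPlugin Name: WP Fastest Cache\nVersion: {version}\n*/\n")
    if classic_editor:
        (Path(root) / CLASSIC_EDITOR).mkdir()
    return root

if __name__ == "__main__":
    for ver, ce in [("0.9.4", True), ("0.9.5", False), ("0.9.10", True)]:
        with tempfile.TemporaryDirectory() as tmp:
            print(ver, audit(make_sample(tmp, ver, ce)))
```

A classic-editor directory on disk only shows the plugin is installed; whether it is active is recorded in the site's database, so treat classic_editor_present as a prioritisation hint and update every install flagged vulnerable.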
Source: This report was generated using AI