CVE-2024-10499: 
WordPress vulnerability analysis and mitigation

The AI Engine WordPress plugin versions before 2.6.5 contains a SQL injection vulnerability identified as CVE-2024-10499. The vulnerability was discovered by Emiliano Versini and publicly disclosed on November 21, 2024. This security issue affects the plugin's REST API endpoint, specifically impacting installations where users with administrative privileges can access the plugin's functionality (WPScan Vuln).

The vulnerability stems from improper sanitization and escaping of parameters in one of the plugin's REST API endpoints before using it in SQL statements. The issue has been assigned a CVSS 3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility with high privileges required (NVD).

If exploited, this vulnerability allows authenticated administrators to perform SQL injection attacks against the affected WordPress installation. This could potentially lead to unauthorized database access, manipulation of data, and possible compromise of the WordPress site's database integrity (WPScan Vuln).

The vulnerability has been patched in version 2.6.5 of the AI Engine WordPress plugin. Site administrators are strongly advised to update to this version or later to mitigate the risk (WPScan Vuln).