CVE-2024-11009: 
WordPress vulnerability analysis and mitigation

The Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) plugin for WordPress is vulnerable to time-based SQL Injection in versions up to and including 1.2.1. The vulnerability exists in the 'post_id' parameter due to insufficient escaping of user-supplied input and inadequate preparation of SQL queries (NVD).

The vulnerability is classified as SQL Injection (CWE-89) and allows authenticated attackers with Administrator-level access to append additional SQL queries to existing queries. This can be exploited to extract sensitive information from the database. The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N (Wordfence).

The vulnerability allows authenticated administrators to potentially extract sensitive information from the WordPress database through SQL injection attacks. The impact is somewhat limited by the requirement of administrator-level access, but could still lead to unauthorized access to sensitive data stored in the database (NVD).

Users should update to a version newer than 1.2.1 when available. The vulnerability has been disclosed and a fix has been implemented in the plugin's repository (WordPress Plugin).