CVE-2024-11372: 
WordPress vulnerability analysis and mitigation

The Connexion Logs WordPress plugin through version 3.0.2 contains a SQL injection vulnerability identified as CVE-2024-11372. The vulnerability was discovered by Régis SENET and was publicly disclosed on December 2, 2024. This security issue affects the WordPress plugin 'logs-de-connexion' and currently has no known fix (WPScan).

The vulnerability stems from improper input validation where the plugin fails to sanitize and escape a parameter before using it in a SQL statement. The vulnerability has been assigned a CVSS score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. It maps to OWASP Top 10 category A1: Injection and CWE-89 (WPScan, NVD).

The vulnerability allows administrators to perform SQL injection attacks against the WordPress database. While the impact is somewhat limited due to the requirement of administrative privileges, successful exploitation could potentially lead to unauthorized database access or manipulation (Wiz).

Currently, there is no known fix available for this vulnerability. Users of the Connexion Logs WordPress plugin should consider implementing additional security measures or temporarily disabling the plugin until a patch is released (Wiz).