CVE-2024-1698: 
WordPress vulnerability analysis and mitigation

The NotificationX WordPress plugin (versions up to 2.8.2) contains a critical SQL Injection vulnerability (CVE-2024-1698) discovered in February 2024. The vulnerability exists in the 'type' parameter due to insufficient escaping of user-supplied input and inadequate SQL query preparation. This security flaw affects over 30,000 installations of the plugin (Security Online).

The vulnerability received a CVSS v3.1 score of 9.8 (Critical), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The flaw allows unauthenticated attackers to append additional SQL queries to existing queries due to improper input sanitization of the 'type' parameter (NVD, Wordfence).

The successful exploitation of this vulnerability could lead to unauthorized access to sensitive database information, including usernames, hashed passwords, and customer information. Additionally, attackers could potentially manipulate database contents, leading to website defacement and potential distribution of malware (Security Online).

Website administrators running affected versions of the NotificationX plugin should immediately update to version 2.8.3 or later, which contains the security patch. No alternative workarounds are currently available (Security Online).