CVE-2024-49297: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability was discovered in the Zoho CRM Lead Magnet WordPress plugin affecting versions through 1.7.9.0. The vulnerability was disclosed on October 15, 2024, and was assigned CVE-2024-49297. This security issue affects the WordPress plugin Zoho CRM Lead Magnet and allows authenticated users with Contributor or higher privileges to perform SQL injection attacks (Patchstack).

The vulnerability is classified as an SQL Injection (CWE-89) which involves improper neutralization of special elements used in SQL commands. The severity of this vulnerability has been rated with a CVSS v3.1 base score of 8.5 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L (NVD).

The SQL injection vulnerability could allow malicious actors to directly interact with the database, potentially leading to unauthorized access to sensitive information. The high CVSS score indicates significant potential impact, particularly regarding data confidentiality and system availability (Patchstack).

The vulnerability has been patched in version 1.7.9.8 of the Zoho CRM Lead Magnet plugin. Users are advised to update to this version or later to remove the vulnerability. The fix is considered a low-priority update due to the authentication requirement, though updating is still recommended (Patchstack).