CVE-2024-49305: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability (CVE-2024-49305) was discovered in WPFactory Email Verification for WooCommerce plugin versions through 2.8.10. The vulnerability was disclosed on October 15, 2024, and affects the core functionality of the plugin (Patchstack).

The vulnerability is classified as an SQL Injection (CWE-89) with a CVSS v3.1 base score of 9.3 (Critical), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L. This indicates that the vulnerability can be exploited remotely without requiring authentication or user interaction (NVD).

The SQL injection vulnerability could allow malicious actors to directly interact with the database, potentially leading to unauthorized access to sensitive information and data theft. The high CVSS score indicates that this vulnerability is considered highly dangerous and is expected to become mass exploited (Patchstack).

Users are advised to update to version 2.9.0 or later which contains the fix for this vulnerability. For Patchstack users, a virtual patch has been issued to mitigate this issue by blocking any attacks until the update to a fixed version can be completed (Patchstack).