CVE-2024-51608: 
WordPress vulnerability analysis and mitigation

The AmaDiscount WordPress plugin, developed by Pluginhandy, contains an SQL Injection vulnerability (CVE-2024-51608) affecting versions up to and including 1.0. The vulnerability was discovered and publicly disclosed on October 31, 2024. This security issue stems from insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries (WPScan).

The vulnerability is classified as an SQL Injection (CWE-89) with a CVSS v3.1 base score of 8.8 HIGH (NIST: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The issue allows authenticated attackers with contributor-level access or higher to append additional SQL queries to existing ones, potentially enabling the extraction of sensitive information from the database (NVD, Patchstack).

The vulnerability enables authenticated attackers to interact directly with the database, potentially leading to unauthorized access to sensitive information, data manipulation, and possible database compromise (Patchstack).

Currently, there is no official fix available for this vulnerability. Website administrators running affected versions should consider implementing additional security measures or temporarily disabling the plugin until a patch is released (Patchstack).