CVE-2024-51837: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability (CVE-2024-51837) was discovered in SONS Creative Development's WP Contest WordPress plugin affecting versions up to 1.0.0. The vulnerability was reported by researcher LVT-tholv2k on October 26, 2024, and was publicly disclosed on November 8, 2024. The issue requires authenticated access with Contributor-level privileges or higher to exploit (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (CWE-89). It received a CVSS v3.1 base score of 6.5 (Medium) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, while Patchstack assessed it at 8.5 (High) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L (NVD).

The vulnerability could allow a malicious actor with authenticated access to directly interact with the database, potentially leading to unauthorized access to sensitive information. The attack primarily impacts data confidentiality, with high potential for information disclosure (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects WP Contest plugin versions up to 1.0.0, and no patched version has been released (Patchstack).