CVE-2024-52436: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability (CVE-2024-52436) was discovered in Post SMTP WordPress plugin versions up to 2.9.9. The vulnerability was disclosed on November 15, 2024, and affects the Post SMTP plugin developed by WPExperts. This security issue allows for Blind SQL Injection when specific conditions are met (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). It has received a CVSS v3.1 base score of 7.2 (HIGH) from NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, while Patchstack assigned a score of 7.6 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L (NVD).

The vulnerability could allow a malicious actor to directly interact with the database, potentially leading to unauthorized access to sensitive information. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (Patchstack).

The vulnerability has been fixed in Post SMTP version 2.9.10. Users are advised to update to version 2.9.10 or later to remove the vulnerability. Patchstack users can enable auto-update functionality for vulnerable plugins as an additional security measure (Patchstack).