CVE-2024-55978: 
WordPress vulnerability analysis and mitigation

The Code Generator Pro WordPress plugin contains an SQL Injection vulnerability (CVE-2024-55978) affecting versions up to and including 1.2. The vulnerability was discovered by researcher LVT-tholv2k and publicly disclosed on December 14, 2024. This security issue affects WalletStation.com's Code Generator Pro plugin and allows unauthenticated attackers to perform SQL injection attacks (Patchstack, WPScan).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. It stems from insufficient escaping of user-supplied parameters and lack of proper preparation in existing SQL queries. The vulnerability has received a CVSS v3.1 base score of 9.3 (Critical), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L (NVD).

This vulnerability allows unauthenticated attackers to append additional SQL queries to existing queries, potentially leading to extraction of sensitive information from the database. The high CVSS score indicates critical severity, suggesting significant potential impact on system confidentiality and availability (WPScan).

Currently, there is no known official fix available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available (Patchstack).