CVE-2024-7766: 
WordPress vulnerability analysis and mitigation

The Adicon Server WordPress plugin through version 1.2 contains a SQL injection vulnerability identified as CVE-2024-7766. The vulnerability was discovered by Sumit Patel and was publicly disclosed on August 22, 2024. This security flaw affects the WordPress plugin 'adicons' up to version 1.2, where a parameter is not properly sanitized and escaped in SQL statements (WPScan).

The vulnerability is classified as a SQL Injection (CWE-89) with a CVSS v3.1 base score of 7.2 (HIGH), and vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The issue stems from improper neutralization of special elements used in SQL commands, specifically in the handling of the 'adStatus' parameter. The vulnerability requires administrative privileges to exploit (NVD).

When successfully exploited, this vulnerability could allow authenticated administrators to perform SQL injection attacks, potentially leading to unauthorized access to the database, data manipulation, and possible system compromise. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (NVD).

Currently, there is no known fix available for this vulnerability. Users of the Adicon Server WordPress plugin should consider removing or disabling the plugin until a security patch is released (WPScan).