CVE-2024-7827: 
WordPress vulnerability analysis and mitigation

The Shopping Cart & eCommerce Store plugin for WordPress (WP EasyCart) contains a boolean-based SQL Injection vulnerability (CVE-2024-7827) discovered in versions up to and including 5.7.2. The vulnerability exists in the 'model_number' parameter due to insufficient escaping of user-supplied input and inadequate preparation of SQL queries (NVD).

The vulnerability is classified as an SQL Injection (CWE-89) with a CVSS v3.1 Base Score of 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The issue stems from improper neutralization of special elements used in SQL commands, allowing authenticated users with Contributor-level access or higher to append additional SQL queries to existing ones (NVD).

Successful exploitation of this vulnerability could allow authenticated attackers to extract sensitive information from the database by injecting malicious SQL queries. The high CVSS score indicates potential severe impacts on confidentiality, integrity, and availability of the system (NVD).

Users should update their WP EasyCart plugin to a version newer than 5.7.2 to address this vulnerability. The fix has been implemented in the plugin's repository (WordPress Plugin).