CVE-2024-7854: 
WordPress vulnerability analysis and mitigation

The Woo Inquiry plugin for WordPress contains a SQL Injection vulnerability (CVE-2024-7854) affecting all versions up to and including 0.1. The vulnerability was disclosed on August 21, 2024, and received a CVSS v3.1 base score of 9.8 (Critical) from NIST and 10.0 from Wordfence (NVD).

The vulnerability stems from insufficient escaping of the user-supplied parameter 'dbid' and inadequate preparation of existing SQL queries. This security flaw is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). The critical CVSS score reflects the ease of exploitation, requiring no authentication or user interaction, and potentially leading to complete system compromise (NVD).

The vulnerability allows unauthenticated attackers to append additional SQL queries to existing ones, enabling them to extract sensitive information from the database. This could potentially lead to unauthorized access to confidential data, database manipulation, and complete system compromise (NVD).

Users should immediately update to a version newer than 0.1 if available, or consider removing the plugin until a patched version is released. Given the critical nature of the vulnerability, it's recommended to monitor database logs for suspicious activities and implement additional security measures at the web application firewall level (NVD).