CVE-2024-8621: 
WordPress vulnerability analysis and mitigation

The Daily Prayer Time plugin for WordPress contains a SQL Injection vulnerability (CVE-2024-8621) in all versions up to and including 2024.08.26. The vulnerability exists in the 'maxword' attribute of the 'quranverse' shortcode due to insufficient escaping of user-supplied parameters and inadequate SQL query preparation (NVD).

The vulnerability is classified as SQL Injection (CWE-89) with a CVSS v3.1 base score of 9.9 (CRITICAL) according to Wordfence, and 6.5 (MEDIUM) according to NIST. The attack vector is network-accessible (AV:N) with low attack complexity (AC:L) and requires low privileges (PR:L). The vulnerability allows authenticated attackers with Contributor-level access or higher to append additional SQL queries to existing ones (NVD, Wordfence).

The vulnerability enables authenticated attackers to extract sensitive information from the database by injecting malicious SQL queries. This could potentially lead to unauthorized access to sensitive data stored in the WordPress database (NVD).

Users should update to a version newer than 2024.08.26 which contains the security fix. A patch has been made available through the WordPress plugin repository (WordPress).