CVE-2024-9879: 
WordPress vulnerability analysis and mitigation

The Melapress File Monitor WordPress plugin before version 2.1.1 contains a SQL injection vulnerability (CVE-2024-9879). The vulnerability was discovered and disclosed in May 2024, affecting the plugin's file monitoring functionality. The issue stems from insufficient sanitization and escaping of a parameter before its use in SQL statements (WPScan).

The vulnerability exists in the file monitoring functionality where a parameter is not properly sanitized and escaped before being used in SQL statements. The issue can be triggered through the Files Added Events feature in the File Monitoring section. The vulnerability has been assigned a CVSS v3.1 score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. The weakness is classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command (NVD).

If exploited, this vulnerability allows authenticated administrators to perform SQL injection attacks against the WordPress database. This could potentially lead to unauthorized access to database contents and possible manipulation of stored data (WPScan).

The vulnerability has been patched in version 2.1.1 of the Melapress File Monitor plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).