This vulnerability involves improper neutralization of special elements used in SQL commands within the Multi CryptoCurrency Payments plugin by Alex Zaytseff, leading to SQL Injection. It affects all versions up to 2.0.7. The CVSS 3.1 score of 9.3 reflects a critical risk due to the ability to execute SQL commands remotely without authentication or user interaction, impacting confidentiality and availability of the affected system's data. No vendor advisory or patch information is available, and the product is not a cloud service, so remediation depends on vendor updates or user action.

Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the backend database, potentially leading to data disclosure (confidentiality impact) and partial denial of service (availability impact). Integrity impact is not indicated. The vulnerability is critical due to ease of exploitation and significant confidentiality impact.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix information is provided, users should monitor for vendor updates and consider applying any forthcoming patches promptly. Until a fix is available, restricting access to the affected plugin and minimizing exposure may reduce risk.