CVE-2022-0383: 
WordPress vulnerability analysis and mitigation

CVE-2022-0383 affects the WP Review Slider WordPress plugin versions before 11.0. The vulnerability was discovered and publicly disclosed on January 31, 2022, by security researcher Felipe de Avila. The issue exists in the plugin's Twitter source copying functionality, where the pid parameter is not properly sanitized and escaped (WPScan).

The vulnerability is classified as an SQL Injection (CWE-89) with a CVSS v3.1 base score of 7.2 (HIGH). The attack vector requires high privileges and no user interaction, with the potential to impact confidentiality, integrity, and availability (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The vulnerability specifically occurs when copying a Twitter source, where the pid parameter is not properly sanitized, allowing for SQL injection attacks (NVD).

If exploited, this vulnerability could allow high-privilege users to perform SQL injection attacks against the WordPress database. This could potentially lead to unauthorized access to sensitive data, manipulation of database contents, and possible exposure of user credentials (WPScan).

The vulnerability has been fixed in WP Review Slider version 11.0. Users are strongly advised to update to this version or later to protect against potential SQL injection attacks (WordPress Changelog).