CVE-2022-3300: 
WordPress vulnerability analysis and mitigation

The Form Maker by 10Web WordPress plugin before version 1.15.6 contains a SQL injection vulnerability identified as CVE-2022-3300. The vulnerability was discovered and publicly disclosed on October 3, 2022. This security flaw affects the plugin's parameter handling in SQL statements, which can be exploited by users with high-level privileges such as administrators (WPScan).

The vulnerability stems from improper sanitization and escaping of parameters before their use in SQL statements. The issue has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-89 (SQL Injection) (NVD).

When exploited, this vulnerability could allow privileged users to perform SQL injection attacks against the affected WordPress installation. The high CVSS score indicates potential severe impacts on the confidentiality, integrity, and availability of the system (NVD).

The vulnerability has been patched in version 1.15.6 of the Form Maker plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).