CVE-2022-33960: 
WordPress vulnerability analysis and mitigation

CVE-2022-33960 affects the Social Share Buttons by Supsystic WordPress plugin versions 2.2.3 and below. The vulnerability was discovered and disclosed on June 9, 2022, by RE-ALTER. It involves multiple authenticated SQL Injection (SQLi) vulnerabilities that can be exploited by users with subscriber-level privileges or higher (Patchstack).

The vulnerability is classified as an SQL Injection (CWE-89) with a CVSS v3.1 base score of 8.8 (HIGH) according to NVD, and 8.5 (HIGH) according to Patchstack. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges, and can result in high impacts to confidentiality, integrity, and availability (NVD).

The vulnerability could allow a malicious actor with subscriber-level access to directly interact with the database, potentially leading to unauthorized data access and manipulation. This SQL injection vulnerability could result in information theft and potential database compromise (Patchstack).

The vulnerability has been fixed in version 2.2.4 of the Social Share Buttons by Supsystic plugin. Users are advised to update to version 2.2.4 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).