CVE-2022-3481: 
WordPress vulnerability analysis and mitigation

CVE-2022-3481 is a security vulnerability affecting the WooCommerce Dropshipping WordPress plugin versions before 4.4. The vulnerability was discovered and publicly disclosed on October 17, 2022. The issue affects the plugin's REST endpoint functionality that is accessible to unauthenticated users (WPScan).

The vulnerability is classified as an SQL injection vulnerability with a CVSS score of 8.6 (high). The core issue stems from improper sanitization and escaping of a parameter before its use in SQL statements via a REST endpoint that is accessible to unauthenticated users. The vulnerable endpoint is located at '/wp-json/woo-aliexpress/v1/product-sku' and can be exploited through POST requests. The vulnerability falls under the OWASP Top 10 category A1: Injection and is classified as CWE-552 (WPScan).

As an SQL injection vulnerability accessible to unauthenticated users, successful exploitation could allow attackers to manipulate the underlying database, potentially leading to unauthorized access to sensitive data, modification of database contents, or compromise of the WordPress installation (WPScan).

The vulnerability has been fixed in version 4.4 of the WooCommerce Dropshipping plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).