CVE-2022-4230: 
WordPress vulnerability analysis and mitigation

CVE-2022-4230 is a SQL Injection vulnerability affecting the WP Statistics WordPress plugin versions below 13.2.9. The vulnerability was discovered by Jordy Versmissen and publicly disclosed on December 27, 2022. The issue affects the plugin's parameter handling functionality, which is accessible to authenticated users (WPScan).

The vulnerability stems from improper parameter escaping in the WP Statistics plugin. By default, the affected feature is accessible to users with manage_options capability (administrator level), though plugin settings can allow lower-privileged users to access it. The vulnerability has been assigned a CVSS score of 7.7 (High) and is classified as CWE-89, falling under the OWASP Top 10 category A1: Injection (WPScan).

When exploited, this vulnerability could allow authenticated users to perform SQL Injection attacks against the affected WordPress installation. The severity of the impact is heightened in cases where the plugin is configured to grant access to lower-privileged users (WPScan).

The vulnerability has been fixed in WP Statistics version 13.2.9. Users are advised to update to this version or later to mitigate the risk. No alternative workarounds have been published (WPScan).