CVE-2022-4373: 
WordPress vulnerability analysis and mitigation

CVE-2022-4373 is a SQL injection vulnerability affecting the WordPress plugin Quote-O-Matic versions 1.0.5 and below. The vulnerability was discovered by Daniel Krohmer and Kunal Sharma, and was publicly disclosed on December 12, 2022. The issue exists in the plugin's functionality where it fails to properly sanitize and escape parameters before using them in SQL statements (WPScan).

The vulnerability is classified as a SQL injection (SQLI) that falls under the OWASP Top 10 category A1: Injection and CWE-89. It has been assigned a CVSS score of 4.1 (medium severity). The vulnerability is exploitable through the plugin's admin interface, specifically in the sorting functionality where the 'sortby' parameter is not properly sanitized (WPScan).

The vulnerability allows high-privilege users such as administrators to perform SQL injection attacks against the WordPress database. This could potentially lead to unauthorized access to database contents, modification of database data, or execution of administrative operations on the database (WPScan).

As of the vulnerability disclosure, there is no known fix available for this issue. Website administrators running affected versions of the Quote-O-Matic plugin should consider either removing the plugin or implementing additional security controls to restrict access to the vulnerable functionality (WPScan).