CVE-2022-4447: 
WordPress vulnerability analysis and mitigation

CVE-2022-4447 affects the Fontsy WordPress plugin through version 1.8.6. The vulnerability was discovered and publicly disclosed on December 21, 2022. The issue affects installations of the Fontsy plugin on WordPress sites, specifically impacting the plugin's AJAX functionality (WPScan).

The vulnerability is classified as an SQL injection (SQLI) vulnerability with a CVSS score of 9.8 (CRITICAL) according to CVSS 3.1 metrics. The issue stems from improper sanitization and escaping of parameters before their use in SQL statements via AJAX actions that are accessible to unauthenticated users. The vulnerability is tracked under CWE-89 (SQL Injection) and falls under the OWASP Top 10 category A1: Injection (NVD, WPScan).

The vulnerability allows unauthenticated attackers to perform SQL injection attacks against affected WordPress installations. This could potentially lead to unauthorized access to the database, data theft, manipulation of database contents, and possible escalation of privileges (WPScan).

As of the vulnerability disclosure, there is no known fix available for this vulnerability. Website administrators running the affected versions of the Fontsy plugin should consider disabling the plugin until a security patch is released (WPScan).