CVE-2022-45355: 
WordPress vulnerability analysis and mitigation

An authenticated SQL Injection (SQLi) vulnerability was discovered in ThimPress WP Pipes WordPress plugin versions 1.33 and below. The vulnerability was reported on November 17, 2022, and was assigned CVE-2022-45355. The issue affects the WordPress plugin WP Pipes developed by ThimPress (Patchstack).

The vulnerability is classified as an SQL Injection (CWE-89) that requires administrator-level authentication to exploit. It received a CVSS v3.1 base score of 7.2 (HIGH) from NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, while Patchstack assessed it with a CVSS score of 8.2 (HIGH) and vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L (NVD).

The SQL Injection vulnerability could allow a malicious actor with administrative privileges to directly interact with the database, potentially leading to unauthorized data access, modification, or extraction of sensitive information (Patchstack).

The vulnerability has been fixed in version 1.4.0 of the WP Pipes plugin. Users are advised to update to version 1.4.0 or later to remediate the vulnerability. The fix was released on January 20, 2023 (Patchstack).