CVE-2022-47432: 
WordPress vulnerability analysis and mitigation

The CVE-2022-47432 is a SQL Injection vulnerability discovered in the WordPress Shortcode IMDB plugin versions up to 6.0.8. The vulnerability was reported by researcher minhtuanact on December 21, 2022, and was publicly disclosed on April 19, 2023. The issue stems from improper neutralization of special elements used in SQL commands within the plugin's shortcode attributes (Patchstack, NVD).

The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) and received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue occurs because the plugin does not properly validate and escape some of its shortcode attributes before using them in SQL statements (WPScan).

This vulnerability could allow attackers to directly interact with the database, potentially leading to unauthorized access to sensitive information, modification of database contents, and possible compromise of the WordPress installation (Patchstack).

As of the latest reports, there is no official fix available for this vulnerability. The affected versions include all releases up to and including version 6.0.8 of the Shortcode IMDB plugin (Patchstack).