CVE-2022-47614: 
WordPress vulnerability analysis and mitigation

CVE-2022-47614 is an unauthenticated SQL Injection (SQLi) vulnerability affecting InspireUI MStore API WordPress plugin versions 3.9.7 and below. The vulnerability was discovered and reported by Lucio Sá on December 24, 2022, and was later published by Patchstack on June 19, 2023 (Patchstack Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and primarily impacts confidentiality (NVD Database).

The SQL Injection vulnerability could allow malicious actors to directly interact with the database, potentially leading to unauthorized access to sensitive information. The high confidentiality impact rating suggests that attackers could gain access to significant amounts of data stored in the affected WordPress installation's database (Patchstack Advisory).

Users are advised to update to MStore API plugin version 3.9.8 or later which contains the fix for this vulnerability. Patchstack has also issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to a fixed version (Patchstack Advisory).