CVE-2023-0259: 
WordPress vulnerability analysis and mitigation

CVE-2023-0259 is a SQL injection vulnerability affecting the WP Google Review Slider WordPress plugin versions before 11.8. The vulnerability was discovered and publicly disclosed on January 23, 2023. The issue affects the wp-google-places-review-slider plugin, which failed to properly sanitize and escape parameters before using them in SQL statements (WPScan, NVD).

The vulnerability is classified as a SQL injection (SQLI) with a CVSS score of 7.7 (high severity). It falls under the OWASP Top 10 category A1: Injection and is identified as CWE-89. The vulnerability stems from improper input validation where a parameter is not properly sanitized and escaped before being used in SQL statements. The issue specifically occurs in the plugin's handling of the 'parse-media-shortcode' AJAX action (WPScan).

The vulnerability allows users with roles as low as subscriber to perform SQL injection attacks against the affected WordPress installations. This could potentially lead to unauthorized access to the database, data manipulation, or exposure of sensitive information (WPScan).

The vulnerability has been fixed in version 11.8 of the WP Google Review Slider plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).