CVE-2023-0261: 
WordPress vulnerability analysis and mitigation

The WP TripAdvisor Review Slider WordPress plugin versions before 10.8 contain a SQL injection vulnerability identified as CVE-2023-0261. The vulnerability was discovered and publicly disclosed on January 23, 2023. This security issue affects WordPress installations using the WP TripAdvisor Review Slider plugin (WPScan, NVD).

The vulnerability stems from improper sanitization and escaping of a parameter before its use in SQL statements. It has been assigned a CVSS score of 7.7 (High) and is classified as a SQL Injection (SQLI) vulnerability, falling under the OWASP Top 10 category A1: Injection and CWE-89. The vulnerability can be exploited through the WordPress admin-ajax.php endpoint using a specially crafted POST request (WPScan).

The vulnerability allows attackers with subscriber-level access or higher to perform SQL injection attacks against the affected WordPress installations. This could potentially lead to unauthorized access to the database, data manipulation, or exposure of sensitive information (WPScan).

The vulnerability has been patched in version 10.8 of the WP TripAdvisor Review Slider plugin. Users are strongly advised to update to this version or later to protect their WordPress installations (WPScan).