CVE-2023-0262: 
WordPress vulnerability analysis and mitigation

The WP Airbnb Review Slider WordPress plugin before version 3.3 contains a SQL injection vulnerability (CVE-2023-0262) that was discovered and publicly disclosed on January 23, 2023. The vulnerability affects the plugin's parameter handling functionality and can be exploited by users with privileges as low as subscriber level (WPScan Advisory, NVD).

The vulnerability stems from improper sanitization and escaping of a parameter before its use in SQL statements. The issue has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-89 (SQL Injection) and falls under the OWASP Top 10 category A1: Injection (WPScan Advisory, NVD).

If exploited, this vulnerability could allow authenticated users with subscriber-level access to perform SQL injection attacks against the affected WordPress installation. This could potentially lead to unauthorized access to, modification of, or deletion of database content (WPScan Advisory).

The vulnerability has been fixed in version 3.3 of the WP Airbnb Review Slider plugin. Users are advised to update to this version or later to mitigate the risk (WPScan Advisory).