CVE-2023-23490: 
WordPress vulnerability analysis and mitigation

The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveysids' parameter of its 'ayssurveysexportjson' action (Tenable Advisory). The vulnerability was discovered and reported to WordPress on December 19, 2022, and a fix was released on December 21, 2022, in version 3.1.2 (WPScan).

The vulnerability exists due to improper sanitization of the 'surveysids' parameter in the 'ayssurveysexportjson' AJAX action. This SQL injection vulnerability can be exploited by any authenticated user, including those with minimal privileges such as subscriber-level access. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impact on confidentiality, integrity, and availability (Tenable Advisory).

If exploited, this vulnerability could allow authenticated attackers to execute arbitrary SQL commands on the underlying database. This could potentially lead to unauthorized access to sensitive data, modification of database contents, and possible disruption of the website's functionality (WPScan).

The vulnerability has been fixed in Survey Maker WordPress Plugin version 3.1.2. Users are strongly advised to update to this version or later to protect against potential exploitation (Tenable Advisory).