CVE-2023-2493: 
WordPress vulnerability analysis and mitigation

The All In One Redirection WordPress plugin versions before 2.2.0 contains a SQL injection vulnerability (CVE-2023-2493) that affects high-privilege users such as administrators. The vulnerability was discovered and publicly disclosed on June 19, 2023. The issue stems from improper sanitization and escaping of multiple parameters before their use in SQL statements (WPScan Advisory).

The vulnerability exists in two main functionalities: when adding a redirection through the 'sourceurlinsert' parameter and when deleting a redirect using the 'checkdeletebtns' parameter. Both parameters are vulnerable to SQL injection attacks. The severity is rated as HIGH with a CVSS v3.1 base score of 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The vulnerability is classified as CWE-89 (SQL Injection) and falls under the OWASP Top 10 category A1: Injection (NVD, WPScan Advisory).

When exploited, this vulnerability allows authenticated administrators to perform SQL injection attacks against the WordPress database. This could lead to unauthorized access to sensitive data, manipulation of database contents, and potential compromise of the WordPress installation's integrity (WPScan Advisory).

The vulnerability has been fixed in version 2.2.0 of the All In One Redirection plugin. Users are advised to update to this version or later to mitigate the risk (WPScan Advisory).