CVE-2023-32508: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability (CVE-2023-32508) was discovered in the WordPress plugin 'Order Your Posts Manually' affecting versions up to 2.2.5. The vulnerability was initially reported by researcher minhtuanact on March 31, 2023, and was publicly disclosed on May 10, 2023 (Patchstack).

The vulnerability stems from improper sanitization and escaping of the 'sortdata' parameter before its use in SQL statements. The issue has been assigned a CVSS 3.1 base score of 7.2 (HIGH) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. Additionally, CISA-ADP assessed it with a CVSS score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) (NVD).

The vulnerability could allow malicious actors to directly interact with the database, potentially leading to unauthorized data access, modification, or theft of sensitive information. The impact is particularly significant as it affects the database layer of the application (Patchstack).

As of the latest reports, there is no official fix available for this vulnerability. The issue affects versions up to 2.2.5 of the Order Your Posts Manually plugin (Patchstack).