CVE-2023-45657: 
WordPress vulnerability analysis and mitigation

The Nexter WordPress theme contains an SQL Injection vulnerability (CVE-2023-45657) discovered in versions up to 2.0.3. The vulnerability was identified on October 12, 2023, and affects the theme's handling of the 'to' and 'from' parameters due to insufficient escaping of user-supplied input and lack of proper SQL query preparation (Patchstack, WPScan).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') with a CVSS v3.1 base score of 9.8 (CRITICAL). The issue allows authenticated attackers with subscriber-level access and above to append additional SQL queries to existing queries through the manipulation of the 'to' and 'from' parameters. This vulnerability stems from insufficient escaping of user-supplied parameters and the absence of proper SQL query preparation (NVD).

Successful exploitation of this vulnerability could allow attackers to extract sensitive information from the database, potentially compromising the confidentiality, integrity, and availability of the affected system. The high CVSS score of 9.8 indicates critical severity with potential for complete compromise of the system (NVD).

The vulnerability has been patched in version 2.0.4 of the Nexter theme. Users are strongly advised to update to this version or later to resolve the security issue. No alternative workarounds have been publicly documented (Patchstack).