CVE-2023-45830: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability (CVE-2023-45830) was discovered in the Online ADA Accessibility Suite WordPress plugin. The vulnerability affects versions up to and including 4.12 of the Accessibility Suite by Online ADA. The issue was initially reported on March 31, 2023, and was publicly disclosed on October 13, 2023 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). It received a CVSS v3.1 base score of 9.8 (CRITICAL) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, while Patchstack assigned it a score of 8.5 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L (NVD).

The SQL injection vulnerability could allow malicious actors to directly interact with the database, potentially leading to unauthorized access to sensitive information, data manipulation, and possible database compromise. The vulnerability is considered highly dangerous and expected to become mass exploited (Patchstack).

Users are advised to update to version 4.13 or later of the Accessibility Suite by Online ADA plugin to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to a fixed version (Patchstack).