CVE-2023-46823: 
WordPress vulnerability analysis and mitigation

The CVE-2023-46823 is a SQL Injection vulnerability discovered in Avirtum's ImageLinks Interactive Image Builder for WordPress plugin versions up to 1.5.4. The vulnerability was publicly disclosed on October 29, 2023, and affects the plugin's functionality where improper neutralization of special elements in SQL commands could lead to potential database exploitation (Patchstack, NVD).

The vulnerability is classified as a SQL Injection (CWE-89) with a CVSS v3.1 Base Score of 7.2 (HIGH). The attack vector is characterized by CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating that it requires high privileges (such as admin access) to exploit, but has potential for high impact on confidentiality, integrity, and availability (NVD, WPScan).

The vulnerability could allow high-privilege users such as administrators to perform SQL injection attacks against the WordPress database. This could potentially lead to unauthorized access to sensitive information, manipulation of database contents, and compromise of data integrity (WPScan).

The vulnerability has been fixed in version 1.6.0 of the ImageLinks Interactive Image Builder plugin. Users are advised to update to this version or later to remediate the security issue (WPScan).