CVE-2023-47236: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability was discovered in Avirtum iPages Flipbook For WordPress plugin versions through 1.4.8. The vulnerability was identified on November 6, 2023 and assigned CVE-2023-47236. This security issue affects the WordPress plugin iPages Flipbook For WordPress up to version 1.4.8 (Patchstack).

The vulnerability is classified as an SQL Injection (CWE-89) which allows improper neutralization of special elements used in SQL commands. The CVSS v3.1 base score is rated as 7.6 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L) according to Patchstack's assessment, while NVD rates it as 4.9 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) (NVD).

The vulnerability could allow a malicious actor with administrator privileges to directly interact with the database, potentially leading to unauthorized access to sensitive information. The impact primarily affects the confidentiality of the system, with potential limited impact on availability (Patchstack).

The vulnerability has been fixed in version 1.5.0 of the plugin. Users are advised to update to version 1.5.0 or later to remove the vulnerability. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).