CVE-2023-47530: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2023-47530) affects the WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin, versions up to and including 1.8.7. This SQL Injection vulnerability was discovered by Fariq Fadillah Gusti Insani and publicly disclosed on November 7, 2023 (Wordfence, Patchstack).

The vulnerability stems from insufficient escaping of user-supplied parameters and inadequate preparation of existing SQL queries. The issue has been classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). The vulnerability has received a CVSS v3.1 base score of 7.2 (High) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, while Patchstack assigned a score of 7.6 (High) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L (NVD).

The vulnerability allows authenticated attackers with administrator-level access to append additional SQL queries to existing ones, potentially enabling the extraction of sensitive information from the database (WPScan).

Users are advised to update to version 1.8.8 or later of the plugin, which contains the fix for this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).