CVE-2023-47558: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability was identified in the WordPress plugin 'Who Hit The Page – Hit Counter' affecting versions up to 1.4.14.3. The vulnerability was discovered on March 28, 2023, and publicly disclosed on November 7, 2023. This security issue was assigned CVE-2023-47558 and requires administrator privileges to exploit (Patchstack Advisory).

The vulnerability is classified as an SQL Injection (CWE-89) that allows improper neutralization of special elements used in SQL commands. The CVSS v3.1 scores vary between sources, with NVD rating it at 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, while Patchstack rates it at 7.6 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L (NVD).

The vulnerability could allow a malicious actor with administrator privileges to directly interact with the database, potentially leading to unauthorized data access and manipulation. The impact includes high confidentiality and integrity breaches according to the CVSS metrics (Patchstack Advisory).

No official fix is currently available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available (Patchstack Advisory).