
Cloud Vulnerability DB
A community-led vulnerabilities database
The Newsletters WordPress plugin before version 4.9.3 contains a critical security vulnerability identified as CVE-2023-4797. This vulnerability was discovered and publicly disclosed on October 5, 2023. The issue affects the Newsletter Lite plugin for WordPress and allows an authenticated administrator to execute arbitrary commands on the server because user-controlled parameters are not properly escaped before being used in SQL queries and shell commands (WPScan, NVD).
The vulnerability is classified as a Command Injection vulnerability (CWE-77) with a CVSS v3.1 base score of 7.2 (HIGH), and vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The issue stems from inadequate escaping of user input in the plugin's email archiving functionality, specifically in the 'Archive Older Than' field within the History & Emails Configuration section (WPScan).
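As an added illustration (not the plugin's own code, which this entry does not reproduce), the following hypothetical settings handler shows the weak pattern the advisory describes, an unescaped 'Archive Older Than' value reaching both a SQL query and a shell command, beside a hardened version; the function, option, table and command names are assumptions.

```php
<?php
// Added illustration, not code from the Newsletters plugin: it models the
// two sinks the advisory names (a SQL query and a shell command fed by the
// 'Archive Older Than' setting). Function, option, table and command names
// are hypothetical.

// Weak pattern (CWE-77): the raw setting value is spliced into both a SQL
// statement and a shell command string, so whatever the admin form submits
// becomes part of the query text and of the command line.
function nl_archive_weak( $older_than ) {
    global $wpdb;
    $wpdb->query( "DELETE FROM {$wpdb->prefix}nl_history WHERE sent < DATE_SUB(NOW(), INTERVAL $older_than DAY)" );
    shell_exec( "nl-archiver --days $older_than" ); // hypothetical archiver
}

// Hardened: coerce the setting to a bounded non-negative integer when it is
// saved, and again when it is used, so only a number can reach either sink.
function nl_sanitize_archive_older_than( $value ) {
    $days = absint( $value );      // non-numeric input collapses to 0 (disabled)
    return min( $days, 3650 );     // constructed upper bound of ten years
}

add_action( 'admin_init', function () {
    register_setting( 'nl_history_options', 'nl_archive_older_than', array(
        'type'              => 'integer',
        'sanitize_callback' => 'nl_sanitize_archive_older_than',
        'default'           => 0,
    ) );
} );

function nl_archive_hardened() {
    global $wpdb;
    // Re-validate at use time: options can be written by other code too.
    $days = nl_sanitize_archive_older_than( get_option( 'nl_archive_older_than', 0 ) );
    if ( 0 === $days ) {
        return; // archiving disabled
    }
    // %d is an integer placeholder: no user-controlled text enters the SQL.
    $wpdb->query( $wpdb->prepare(
        "DELETE FROM {$wpdb->prefix}nl_history WHERE sent < DATE_SUB(NOW(), INTERVAL %d DAY)",
        $days
    ) );
    // Prefer doing the archiving in PHP. If a shell step is unavoidable, pass
    // the already-validated integer as a single quoted argument.
    shell_exec( 'nl-archiver --days ' . escapeshellarg( (string) $days ) );
}
```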
The vulnerability allows authenticated administrators to execute arbitrary commands on the server, potentially leading to complete server compromise. This could result in unauthorized access to sensitive data, system modification, and potential service disruption (NVD).
The vulnerability has been patched in version 4.9.3 of the Newsletter Lite plugin. Users are strongly advised to update to this version or later to protect their systems from potential exploitation (WPScan).
Source: This report was generated using AI