CVE-2023-50842: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability (CVE-2023-50842) was discovered in Matthew Fries MF Gig Calendar WordPress plugin affecting versions up to 1.2.1. The vulnerability was reported on October 2, 2023, by Khalid Yusuf and publicly disclosed on December 21, 2023. This security flaw received a CVSS v3.1 base score of 8.8 (High) from NIST and 8.5 (High) from Patchstack (Patchstack Advisory).

The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). It requires authenticated access with Contributor-level privileges or higher to exploit. The vulnerability received two different CVSS vector strings: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NIST) and CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L (Patchstack) (NVD Entry).

The SQL injection vulnerability could allow malicious actors with authenticated access to directly interact with the database, potentially leading to unauthorized data access, modification, or deletion of database contents (Patchstack Advisory).

As of the vulnerability disclosure, no official fix is available for this security issue. However, Patchstack has issued a virtual patch to mitigate the vulnerability by blocking potential attacks until an official fix becomes available (Patchstack Advisory).