CVE-2023-50845: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability (CVE-2023-50845) was discovered in the GeoDirectory – WordPress Business Directory Plugin developed by AyeCode. The vulnerability affects versions up to and including 2.3.28. The issue was initially reported on October 17, 2023, and was publicly disclosed on December 21, 2023 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') with a CVSS v3.1 base score of 7.2 (HIGH) according to NVD, and 7.6 (HIGH) according to Patchstack. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating that the vulnerability is network accessible, requires high privileges, and can potentially impact confidentiality, integrity, and availability (NVD).

The SQL injection vulnerability could allow a malicious actor with administrator privileges to directly interact with the database. This interaction could potentially lead to unauthorized access to sensitive information stored in the database (Patchstack).

The vulnerability has been fixed in version 2.3.29 of the GeoDirectory plugin. Users are advised to update to version 2.3.29 or later to remediate this security issue (Patchstack).