CVE-2023-50855: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability (CVE-2023-50855) was discovered in the WordPress Pre* Party Resource Hints plugin, affecting versions up to 1.8.18. The vulnerability was reported by Muhammad Daffa on October 26, 2023, and was publicly disclosed on December 21, 2023. This security issue affects Sam Perrow's Pre* Party Resource Hints plugin, which is a WordPress plugin for resource management (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') with a CVSS v3.1 base score of 7.2 (HIGH) according to NVD, and 7.6 (HIGH) according to Patchstack. The vulnerability has been assigned CWE-89 classification. The attack vector is network-accessible (AV:N) with low attack complexity (AC:L) and requires high privileges (PR:H) with no user interaction (UI:N) (NVD).

The SQL injection vulnerability could allow a malicious actor with administrator privileges to directly interact with the database, potentially leading to unauthorized data access, manipulation, or theft of information (Patchstack).

The vulnerability has been fixed in version 1.8.20 of the Pre* Party Resource Hints plugin. Users are advised to update to version 1.8.20 or later to remove the vulnerability. It's worth noting that the software was flagged as potentially abandoned, as it hadn't received updates for over a year, and users should consider replacing it with an alternative solution (Patchstack).