CVE-2023-5108: 
WordPress vulnerability analysis and mitigation

CVE-2023-5108 affects the Easy Newsletter Signups WordPress plugin through version 1.0.4. The vulnerability was discovered and reported by Karolis Narvilas from Prism Infosec, and was publicly disclosed on November 13, 2023. The vulnerability exists in the plugin's handling of parameters in SQL statements, specifically affecting WordPress installations with the Easy Newsletter Signups plugin installed (WPScan).

The vulnerability is classified as a SQL injection (CWE-89) with a CVSS v3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The issue stems from improper sanitization and escaping of parameters before their use in SQL statements. The vulnerability specifically affects the parameter handling in the plugin's CSV export functionality (NVD).

If successfully exploited, this vulnerability could allow high-privilege users such as administrators to perform SQL injection attacks. This could potentially lead to unauthorized access to database information, modification of database content, and possible exposure of sensitive data (WPScan).

As of the current reporting, there is no known fix available for this vulnerability. Users of the Easy Newsletter Signups WordPress plugin should consider implementing additional security measures or evaluating alternative newsletter solutions until a patch is released (WPScan).