CVE-2023-51469: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability (CVE-2023-51469) was discovered in Mestres do WP Checkout Mestres WP plugin for WordPress, affecting versions through 7.1.9.6. The vulnerability was reported by Rafie Muhammad and disclosed on December 27, 2023 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (CWE-89). It received a Critical CVSS v3.1 base score of 9.8 from NIST (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and 9.3 from Patchstack (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L) (NVD).

This vulnerability allows malicious actors to directly interact with the database, potentially leading to unauthorized access to sensitive information, data manipulation, and system compromise. The high CVSS score indicates critical severity, suggesting significant potential impact on affected systems (Patchstack).

Users are advised to update to version 7.1.9.8 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to a fixed version (Patchstack).