CVE-2023-5203: 
WordPress vulnerability analysis and mitigation

The WP Sessions Time Monitoring Full Automatic WordPress plugin before version 1.0.9 contains an SQL injection vulnerability (CVE-2023-5203). The vulnerability was discovered on September 11, 2023, and was publicly disclosed on November 30, 2023. This security flaw affects the plugin's handling of request URLs and query parameters, which are not properly sanitized before being used in SQL queries (WPScan).

The vulnerability is classified as an SQL injection (CWE-89) with a CVSS v3.1 base score of 7.5 (HIGH) and attack vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The issue stems from improper sanitization of request URL and query parameters before their use in SQL queries. The vulnerability can be exploited through both blind time-based SQL injection techniques and error/union-based techniques when MySQL and WP_DEBUG are enabled (WPScan).

Successful exploitation of this vulnerability allows unauthenticated attackers to extract sensitive data from the WordPress database. The high severity rating indicates the potential for significant data exposure, particularly concerning given that no authentication is required to exploit the vulnerability (WPScan).

The vulnerability has been fixed in version 1.0.9 of the WP Sessions Time Monitoring Full Automatic plugin. Users are strongly advised to update to this version or later to protect against potential attacks (WPScan).