CVE-2023-52132: 
WordPress vulnerability analysis and mitigation

The CVE-2023-52132 is a SQL Injection vulnerability discovered in the Jewel Theme WP Adminify WordPress plugin. The vulnerability affects all versions of WP Adminify up to version 3.1.6. The issue was discovered by Muhammad Daffa and was publicly disclosed on December 28, 2023 (Wordfence Intel, WPScan).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (CWE-89). The issue stems from insufficient escaping on user-supplied parameters and lack of sufficient preparation on existing SQL queries. The vulnerability has received varying CVSS scores: NIST assigned a CVSS v3.1 base score of 7.2 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, while Patchstack rated it at 7.6 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L (NVD, Patchstack).

The vulnerability allows authenticated attackers with administrator access to append additional SQL queries to existing queries. This can be exploited to extract sensitive information from the database, potentially compromising the security and integrity of the affected WordPress installation (WPScan).

The vulnerability has been patched in WP Adminify version 3.1.7. Users are advised to update to this version or later to remove the vulnerability. The issue is considered to have a low severity impact and is unlikely to be exploited, but updating is still recommended as a security best practice (Patchstack).