CVE-2023-52204: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability (CVE-2023-52204) was discovered in the WordPress Randomize plugin developed by Javik. The vulnerability affects all versions of the plugin up to and including version 1.4.3. The issue was initially reported by Ngô Thiên An (ancorn_ from VNPT-VCI) on December 26, 2023, and was publicly disclosed on January 3, 2024 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (CWE-89). It received a CVSS v3.1 base score of 8.8 (HIGH) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Patchstack assigned a slightly lower score of 8.5 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L. The vulnerability requires Contributor-level privileges or higher to exploit (NVD).

This SQL Injection vulnerability could allow a malicious actor with Contributor-level access to directly interact with the database, potentially leading to unauthorized data access, data theft, and other database manipulation activities (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. Website administrators using the affected versions of the Randomize plugin should consider implementing additional access controls and monitoring for suspicious database activities (Patchstack).