CVE-2023-52215: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability (CVE-2023-52215) was discovered in UkrSolution's Simple Inventory Management WordPress plugin (also known as Barcode Scanner with Inventory & Order Manager). The vulnerability affects all versions up to 1.5.1 and was disclosed on January 8, 2024. This critical vulnerability exists in the plugin's handling of the 'userToken' parameter (Patchstack, WPScan).

The vulnerability is classified as an SQL Injection (CWE-89) due to insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries. The vulnerability received a CVSS v3.1 score of 9.8 (Critical) from NIST and 9.3 (Critical) from Patchstack, indicating its severe nature. The issue specifically involves the 'userToken' parameter, which allows unauthenticated attackers to append additional SQL queries to existing ones (Patchstack).

This vulnerability allows unauthenticated attackers to extract sensitive information from the database through SQL injection attacks. The high CVSS scores indicate that successful exploitation could lead to significant data breaches and potential system compromise (Patchstack).

The vulnerability has been patched in version 1.5.2 of the plugin. Users are strongly advised to update to this version or later immediately. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).