CVE-2023-5412: 
WordPress vulnerability analysis and mitigation

The Image horizontal reel scroll slideshow plugin for WordPress (versions up to and including 13.2) contains a SQL Injection vulnerability (CVE-2023-5412) discovered in October 2023. The vulnerability exists in the plugin's shortcode functionality due to insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries (NVD).

The vulnerability is classified with a CVSS v3.1 base score of 8.8 (HIGH) according to Wordfence, while NVD assigns it a score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The issue stems from improper parameter handling in the plugin's shortcode implementation, allowing authenticated users with subscriber-level permissions or higher to manipulate SQL queries (NVD).

When exploited, this vulnerability allows authenticated attackers with subscriber-level or higher permissions to append additional SQL queries to existing ones, potentially leading to unauthorized access to sensitive information stored in the database (NVD).

Users should upgrade to version 13.3 or later of the Image horizontal reel scroll slideshow plugin, which contains the necessary security fixes (NVD).