CVE-2023-5428: 
WordPress vulnerability analysis and mitigation

The Image vertical reel scroll slideshow plugin for WordPress (CVE-2023-5428) contains a SQL Injection vulnerability that affects versions up to and including 9.0. The vulnerability was disclosed on October 31, 2023, and impacts the plugin's shortcode functionality. This security issue affects WordPress installations using the vulnerable plugin versions (NVD).

The vulnerability stems from insufficient escaping of user-supplied parameters and inadequate preparation of existing SQL queries in the plugin's shortcode implementation. The CVSS v3.1 base score is 6.5 (MEDIUM) according to NVD assessment, while Wordfence rates it as 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability allows authenticated attackers with subscriber-level permissions or higher to append additional SQL queries to existing queries. This capability can be leveraged to extract sensitive information from the WordPress database (NVD).

Users should upgrade to version 9.1 or later of the Image vertical reel scroll slideshow plugin, which contains the security fix for this vulnerability (NVD).