CVE-2023-5429: 
WordPress vulnerability analysis and mitigation

The Information Reel plugin for WordPress contains a SQL Injection vulnerability (CVE-2023-5429) in versions up to and including 10.0. The vulnerability exists due to insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries in the plugin's shortcode functionality (NVD).

The vulnerability stems from improper neutralization of special elements used in SQL commands (CWE-89). The issue allows authenticated attackers with subscriber-level permissions or higher to append additional SQL queries to existing queries. The vulnerability has a CVSS v3.1 base score of 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N according to NVD, while Wordfence rates it at 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability allows authenticated attackers to extract sensitive information from the WordPress database by manipulating SQL queries. The high confidentiality impact rating indicates the potential for unauthorized access to sensitive data stored in the database (NVD).

Users should upgrade to Information Reel plugin version 10.1 or later, which contains patches for this vulnerability. The fix was implemented through improved input validation and proper SQL query preparation (Wordfence).