CVE-2023-5431: 
WordPress vulnerability analysis and mitigation

CVE-2023-5431 affects the Left right image slideshow gallery plugin for WordPress in versions up to and including 12.0. The vulnerability was discovered and disclosed on October 31, 2023, impacting WordPress installations using the affected plugin versions (NVD).

The vulnerability is classified as an SQL Injection vulnerability that exists in the plugin's shortcode functionality. The issue stems from insufficient escaping of user-supplied parameters and inadequate preparation of existing SQL queries. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) by NVD and 8.8 (HIGH) by Wordfence, with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability allows authenticated attackers with subscriber-level permissions or higher to append additional SQL queries to existing queries. This can be exploited to extract sensitive information from the database, potentially compromising the security and confidentiality of the WordPress installation (NVD).

The vulnerability has been patched in version 12.1 of the Left right image slideshow gallery plugin. Users are strongly advised to update to this version or later to mitigate the risk (Wordfence Advisory).