CVE-2023-5640: 
WordPress vulnerability analysis and mitigation

The Article Analytics WordPress plugin version 1.0 and below contains an unauthenticated SQL injection vulnerability (CVE-2023-5640). The vulnerability was discovered and reported by Nicolas Surribas on October 27, 2023. The plugin fails to properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action that is accessible to unauthenticated users (WPScan, NVD).

The vulnerability exists in the article-analytics.php file where the pregetposts WordPress function hook is used. The $post_id parameter (p parameter in the URL) is not properly validated, allowing for SQL injection. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. It is classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command (NVD).

The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries against the WordPress database. This can lead to unauthorized access to sensitive data, including user credentials. An attacker can specifically extract password hashes of WordPress users, including administrators (WPScan).

Currently, there is no known fix for this vulnerability. Site administrators using the Article Analytics plugin should consider removing it until a security patch is available (WPScan).