CVE-2023-6620: 
WordPress vulnerability analysis and mitigation

The POST SMTP Mailer WordPress plugin before version 2.8.7 contains a SQL injection vulnerability identified as CVE-2023-6620. The vulnerability was discovered and publicly disclosed on December 21, 2023. The issue affects the plugin's email log functionality where several parameters are not properly sanitized and escaped before being used in SQL statements (WPScan Advisory).

The vulnerability is classified as a SQL Injection (CWE-89) with a CVSS v3.1 base score of 7.2 (HIGH). The vulnerability exists in two actions: 'ps-delete-email-logs' and 'ps-export-email-logs', where input parameters are not properly sanitized before being used in SQL queries. The attack vector is network-accessible (AV:N) with low attack complexity (AC:L), requiring high privileges (PR:H) and no user interaction (UI:N) (NVD).

If exploited, this vulnerability could allow high-privilege users such as administrators to perform SQL injection attacks. This could potentially lead to unauthorized access to the database, data manipulation, and possible exposure of sensitive information stored in the WordPress database (WPScan Advisory).

The vulnerability has been fixed in version 2.8.7 of the POST SMTP Mailer plugin. Users are advised to update to this version or later to mitigate the risk (WPScan Advisory).