CVE-2024-48043: 
WordPress vulnerability analysis and mitigation

The ShortPixel Image Optimizer WordPress plugin versions through 5.6.3 contains an SQL Injection vulnerability (CVE-2024-48043). The vulnerability was discovered and reported by Rafie Muhammad on October 13, 2024. This security issue affects the ShortPixel Image Optimizer plugin and requires Editor or higher privileges to exploit (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). It has been assigned a CVSS v3.1 base score of 7.6 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L. The vulnerability requires high privileges to exploit but can be accessed remotely with low attack complexity (NVD).

If exploited, this SQL injection vulnerability could allow an authenticated attacker with Editor or higher privileges to directly interact with the database, potentially leading to unauthorized access to sensitive information. The vulnerability has high confidentiality impact and low availability impact (Patchstack).

The vulnerability has been fixed in version 5.6.4 of the ShortPixel Image Optimizer plugin. Users are advised to update to version 5.6.4 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).