The Maksym Marko Website price calculator plugin (version ≤ 4.1) suffers from an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands. This allows an attacker with low privileges and no user interaction to execute injected SQL queries, potentially exposing sensitive data. The vulnerability has a CVSS 3.1 base score of 8.5, indicating high severity with network attack vector, low attack complexity, and partial scope impact on confidentiality and availability.

Successful exploitation can lead to unauthorized disclosure of sensitive information from the database (high confidentiality impact). The vulnerability does not affect data integrity but may cause limited denial of service (low availability impact). The attacker requires low privileges and no user interaction to exploit this vulnerability remotely.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to the affected plugin and monitor for suspicious activity related to SQL injection attempts. Avoid exposing the vulnerable component to untrusted users where possible.