This vulnerability involves improper neutralization of special elements used in SQL commands within the Rainbow-Themes Education WordPress Theme | HiStudy, versions before 3.1.0. It allows remote attackers to perform SQL Injection attacks, potentially compromising confidentiality and availability. The CVSS 3.1 vector indicates the attack can be executed remotely with low complexity and no privileges or user interaction required, impacting confidentiality with high severity and causing low impact on availability.

Successful exploitation can lead to unauthorized disclosure of sensitive information from the database and partial denial of service conditions. The vulnerability does not indicate integrity impact. Given the CVSS score of 9.3, the impact is critical primarily due to confidentiality breach and ease of exploitation.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch links are provided at this time. Users should monitor the Rainbow-Themes vendor communications for updates and apply any official patches once available. Until then, consider restricting access to vulnerable endpoints or disabling the affected theme if feasible.