WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The Secure Copy Content Protection Plugin is an application plugin for WordPress. SQL injection vulnerability, which stems from the plugin’s get_reports() function failing to whitelist or validate the orderby parameter before it is used in the SQL statement passed to the get_results() DB call. An attacker could exploit this vulnerability to steal sensitive database information with an injected SQL statement in the administration dashboard.