Authenticated SQL Injection (SQLi) vulnerability discovered by 0xdecafbad in WordPress WPcalc plugin (versions <= 2.1).
Deactivate and delete. This plugin has been closed as of December 9, 2021 and is not available for download. This closure is permanent.