CVE-2021-24846
The getquery function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocosajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by...