WordPress Plugin ProPlayer 4.7.7 - SQL Injection

Exploit Title: ProPlayer plugin tablePrefix."proplayerplaylist WHERE POSTID='$id'"; $playlistRow = mysqlfetchrow$query; return $this-withBackwardCompatibility$playlistRow2; ... if !empty$GET"ppplaylistid" header"Content-type: application/xml"; $xml =...