WordPress Master Elements <=8.0 - SQL Injection

WordPress Master Elements plugin through 8.0 contains a SQL injection vulnerability. The plugin does not validate and escape the metaids parameter of its removepostmetacondition AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker...