Krisp: SQL Injection + Insecure Deserialization leads to Remote Code Execution on https://krisp.ai

The tenweb-speed-optimizer WordPress plugin prior to version 2.12.22 was vulnerable to unauthenticated SQL injection in /wp-json/tenwebio/v2/compress-one, which could be exploited to gain remote code execution by chaining it with insecure deserialization...