WordPress Plugin yolink Search 1.1.4 - SQL Injection

WordPress Plugin yolink Search 1.1.4 - SQL Injection Exploit Title: WordPress yolink Search plugin getresults $wpdb-prepare "SELECT ID,GUID FROM $wpdb-posts WHERE poststatus='publish' AND posttype IN $posttypein AND ID $idfrom order by ID asc LIMIT $batchsize" ; //misusage of $wpdb-prepare :...