The plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites.
CPE | Name | Operator | Version |
---|---|---|---|
wp-bannerize | eq | * |