The plugin does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection
https://example.com/wp-admin/admin-ajax.php?action=refUrlDetails&id;=sleep(1) -- g
CPE | Name | Operator | Version |
---|---|---|---|
wp-stats-manager | lt | 4.8 |