The plugin does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.
1. Go to the All Export > New Export screen in the WordPress admin. 2. Now click on Specific Post Type > Posts. 3. Click now on Migrate Posts and intercept this request and look for the name cpt: Content-Disposition: form-data; name=“cpt” post Change it to: Content-Disposition: form-data; name=“cpt” post’+(select*from(select(sleep(10)))a)+’ Now you will see a later response of 10 seconds, thus confirming the authenticity of the sqli vulnerability.