WordPress Action Network 1.4.3 - Admin+ SQLi

Description The plugin is vulnerable to SQL Injection via the ‘bulk-action’ parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.