This could allow a low privilege user, to perform a time based SQL Injection attack and retrieve data from the DB, such as hashed passwords.
research.checkpoint.com/2020/e-learning-platforms-getting-schooled-multiple-vulnerabilities-in-wordpress-most-popular-learning-management-system-plugins/