Description The plugin does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.
1. Log in as an administrator 2. Visit /wp-admin/admin.php?page=advance-search and create a new shortcode 3. In the “Post Type” section, fill the “List of Post Meta Keys” field with the following PoC: ', data=(SELECT sleep(10) FROM wp_users)-- a 4. Save the shortcode, and notice the requests takes a long time to finish, indicating our sleep(10)
instruction executed in the context of an SQL query.