The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection
SQLI
Antony Garand from Godaddy
Yes
2020-06-07 (about 2 years ago)
2020-11-30 (about 2 years ago)
2022-04-10 (about 9 months ago)