The plugin lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor or higher can exploit this vulnerability.
Proof of Concept
No known fix - plugin closed
2021-06-02 (about 4 months ago)
2021-07-12 (about 3 months ago)
2021-08-10 (about 2 months ago)