An SQL injection vulnerability found in mycategoryorder.php (Line 47-48). The attacker can exploit this vulnerability via a browser using ‘parentID’ parameter.
Fix (manually) in mycategoryorder.php:
Find this line:
$parentID = intval($_GET[‘parentID’]);
Replace to:
$parentID = intval($_GET[‘parentID’]);
Or update the plugin.