Popular WordPress plugins are vulnerable to serious or critical SQL injection vulnerabilities for which PoC exploits have been released.
The errors were discovered by Tenable's recercher Joshua Martinell, who reported them to WordPress on December 19, 2022, along with PoC.