A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
The plug-in menu C available by the administrator user uses the ID GET parameter and used it in the SQL statement without proper cleaning, authentication, or escape, thereby causing the SQL injection problem.
Affects Plugins
jiangqie-official-website-mini-program <=1.1.0 (the latest version at this time)
https://wordpress.org/plugins/jiangqie-official-website-mini-program/
Author
Ja9er@webray.com.cn inc
Detail
The issue is occured at file jiangqie-official-website-mini-program /includes/jiangqie-ow-free-feedback.php. When the parameter $id not null and $action equal 'detail' , the parameter id is derectly used by mysql