WordPress WP Brutal AI Cross Site Request Forgery / SQL Injection

Tittle:WordPress Plugin WP Brutal AI < 2.0.0 - SQL Injection via CSRFReferences:CVE-2023-2601Author:Taurus Omar Description:The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.Affects Plugins:WP Brutal AI - Fixed in version 2.0.0Proof of Concept:When there is a created campaign, access the following link as an admin:https://example.com/wp-admin/admin.php?page=viewwpbrutalaicampaign&id=1+and+sleep%2815%29 Classification:Type SQLi OWASP top 10 A1: Sql Injection (SQLi)CWE-89wpScan:https://wpscan.com/vulnerability/57769468-3802-4985-bf5e-44ec1d59f5fd