The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.Referenceshttps://wpvulndb.com/vulnerabilities/8673https://wordpress.org/plugins/sirv/#developershttp://lenonleite.com.br/en/2016/11/10/sirv-1-3-1-plugin-for-wordpress/
