The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injectionCreditsWPScanWPScanReferenceshttps://wpscan.com/vulnerability/c5e395f8-257e-49eb-afbd-9c1e26045373
