WordPress · Jiangqie Official Website Mini Program · CVE-2021-24303
**Name of the Vulnerable Software and Affected Versions**
JiangQie Official Website Mini Program WordPress plugin versions prior to 1.1.1
**Description**
The plugin does not properly escape or validate the `id` GET parameter before using it in SQL statements, which leads to SQL injection.
**Recommendations**
For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the API endpoint that uses the `id` parameter in SQL statements until a patch is applied. Avoid using the `id` parameter in affected SQL statements until the issue is resolved.
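
The flaw class named in the Description, next to a hardened form, as an added illustration written against the WordPress `$wpdb` API. It is not the plugin's source: the function names, the `example_items` table and its `id` column are hypothetical.

```php
<?php
// Added illustration; NOT the plugin's source. The function names, the
// example_items table and its id column are hypothetical.

// Pattern described in the advisory: the GET parameter is concatenated into
// the statement, so its content is parsed as SQL instead of as a value.
function example_get_item_unsafe() {
    global $wpdb;
    $id = $_GET['id'];
    return $wpdb->get_row(
        "SELECT * FROM {$wpdb->prefix}example_items WHERE id = $id"
    );
}

// Hardened form: validate the type first, then bind through a placeholder.
function example_get_item_safe() {
    global $wpdb;

    $raw = isset( $_GET['id'] ) ? wp_unslash( $_GET['id'] ) : '';

    // Accept only a plain positive decimal integer. An array value
    // (?id[]=1) fails is_string(); an empty string fails ctype_digit().
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) || (int) $raw < 1 ) {
        return new WP_Error(
            'invalid_id',
            'id must be a positive integer',
            array( 'status' => 400 )
        );
    }

    // %d makes prepare() format the bound value as an integer, so the
    // statement stays safe even if the check above is later relaxed.
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}example_items WHERE id = %d",
        (int) $raw
    );

    return $wpdb->get_row( $sql );
}
```

Validation and binding are kept as two separate layers: the first gives callers a clear 400 response, the second is what actually keeps the parameter out of the SQL grammar.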