Name of the Vulnerable Software and Affected Versions:
Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager versions up to 4.89
Description:
The issue is a time-based blind SQL injection vulnerability. It occurs because the user-supplied `bsa pro id` parameter is not sufficiently escaped and the existing SQL query is not prepared before the value is inserted into it. This allows unauthenticated attackers to append additional SQL to the existing query and potentially extract sensitive information from the database.
Recommendations:
For versions up to 4.89, update to a version higher than 4.89 to resolve the issue.
As a temporary workaround, consider restricting access to the `bsa pro id` parameter to minimize the risk of exploitation.
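The following is an added illustration of the pattern described above and of the prepared-statement form that removes it; it is not code from the Ads Pro plugin. The function names, the table name and the `bsa_pro_id` query key (an assumed spelling of the `bsa pro id` parameter) are assumptions made for the example.

```php
<?php
// Added example: a hypothetical WordPress handler showing the unsafe pattern the
// advisory describes (an unescaped, unprepared id placed into a query) next to
// a hardened version. Table, function and parameter names are assumptions.

// VULNERABLE: the user-supplied value is concatenated into the SQL text.
// Whatever the client appends to the parameter becomes part of the query,
// which is the condition a time-based blind injection relies on.
function bsa_example_get_ad_unsafe() {
    global $wpdb;
    $id  = isset( $_GET['bsa_pro_id'] ) ? $_GET['bsa_pro_id'] : '';
    $sql = "SELECT * FROM {$wpdb->prefix}bsa_example_ads WHERE id = " . $id;
    return $wpdb->get_row( $sql );
}

// HARDENED: reduce the input to a non-negative integer and bind it through
// $wpdb->prepare() with the %d placeholder, so the value can only ever be a
// number and can never alter the structure of the query.
function bsa_example_get_ad_safe() {
    global $wpdb;
    $id = isset( $_GET['bsa_pro_id'] ) ? absint( wp_unslash( $_GET['bsa_pro_id'] ) ) : 0;
    if ( 0 === $id ) {
        return null; // missing or non-numeric id: reject before querying the database
    }
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}bsa_example_ads WHERE id = %d",
        $id
    );
    return $wpdb->get_row( $sql );
}
```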