Name of the Vulnerable Software and Affected Versions:

iATS Online Forms plugin for WordPress versions up to and including 1.2

Description:

The iATS Online Forms plugin for WordPress is susceptible to time-based SQL Injection via the `order` parameter. Insufficient escaping of user-supplied input and inadequate SQL query preparation allow authenticated attackers with Contributor-level access or higher to inject additional SQL queries into existing queries, potentially extracting sensitive information from the database.

Recommendations:

Update iATS Online Forms plugin for WordPress to a version later than 1.2.