2019-09-13 14:15:10 2019-09-13 20:54:28

The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.