CVE-2020-27481 Information

Description

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of \wp_ajax_nopriv\ call in WordPress which allows any unauthenticated user to get access to the function \gdlr_lms_cancel_booking\ where POST Parameter \id\ was sent straight into SQL query without sanitization.

Reference

https://gist.github.com/0xx7/a7aaa8b0515139cf7e30c808c8d54070