Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder.Biz 5 Stars Rating Funnel allows SQL Injection.This issue affects 5 Stars Rating Funnel: from n/a through 1.4.01.

Missing Authorization vulnerability in Saleswonder 5 Stars Rating Funnel.This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67.

Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating Funnel.This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67.

The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using sanitize_text_field(), however such function is not intended to prevent SQL injections.