## https://sploitus.com/exploit?id=WPEX-ID:B3F2D38F-8EEB-45E9-BB58-2957E416E1CD
1. When editing a form, go to "Settings > MySQL Mapping".
2. Click "Add a Query"
3. When mapping the form to the database in the next screen, intercept the request and replace either the `id` or `form_id` parameter with the payload `1%20AND%20(SELECT%205065%20FROM%20(SELECT(SLEEP(5)))zYK1)`
4. The request will run the SQL.