The plugin contains an SQL Injection vulnerability due to the plugin does not properly sanitize and escape the edit_row parameter before using it in an SQL query, which makes it possible for authenticated attackers with a role as low as administrator to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.