The vulnerability exists WP plugin BWL Advanced FAQ Manager version 2.0.3, affecting parameter is 'date_range' and affected page is /wp-admin/edit.php. Authenticated attackers can execute arbitrary SQL commands within the database by manipulating the input to this parameter.
