The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the order parameter. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
