The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.
https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/