The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above.
https://wpscan.com/vulnerability/e471516a-6f43-4a89-8486-7a638845e197/