The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
View the template here CVE-2022-4059.yaml
References:
https://wpscan.com/vulnerability/d94bb664-261a-4f3f-8cc3-a2db8230895d