The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.
View the template here CVE-2024-6205.yaml
References:
https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087