CVE-2020-27481

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of «wp_ajax_nopriv» call in WordPress, which allows any unauthenticated user to get access to the function «gdlr_lms_cancel_booking» where POST Parameter «id» was sent straight into SQL query without sanitization.