The SQL injection vulnerability, tracked as CVE-2023-6063 and with a high-severity score of 8.6, can be exploited by manipulating a cookie value to execute unauthorized SQL queries. Over 600,000 websites are still running the vulnerable plugin.