CVE-2017-18614

The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.
Source: NIST
CVE-2017-18614