A vulnerability was found in DataInjection Plugin up to 2.15.6 and classified as critical. Affected by this issue is the function
SLEEP of the file import.php of the component Data Injection Feature. The manipulation of the argument mapped results in sql injection.
This vulnerability was named CVE-2026-11321. The attack may be performed from remote. There is no available exploit.