awesome!

specifically, where in the code is the vuln coming from?

I’m not familiar with SQL Injection bugs.

https://patchstack.com/database/vulnerability/pre-party-browser-hints/wordpress-pre-party-resource-hints-plugin-1-8-18-sql-injection-vulnerability?_a_id=110

that link is basically worthless, because it doesn’t mention anything specific about the bug. There are no steps to reproduce it, or any lines of code mentioned that are vulnerable.