SQL Injection in Page Visit Counter plugin <= 4.0.9

There’s no escaping for $page_title = isset($_POST[‘page_name’]) ? $_POST[‘page_name’] : ”; and $page_date = isset($_POST[‘page_date’]) ? $_POST[‘page_date’] : ”; variables in function select_input_page_value function in class-page-visit-counter-admin.php file. In some circumstances, it’s possible to inject malicous SQL.