MEDIUM (6.1)
    Plugin

    SQL Injection Vulnerability in Court Reservation WordPress Plugin

    Published Date: 5/12/2026
    CVE ID: CVE-2026-1250

    Summary

    The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to SQL Injection through the 'id' parameter. The vulnerability affects all versions up to and including 1.10.11 and allows unauthenticated attackers to extract sensitive data from the database.

    Vulnerability Details

    The vulnerability arises from insufficient escaping of the user-supplied 'id' parameter, combined with a lack of adequate preparation of the SQL query. This allows attackers to inject arbitrary SQL commands into the query, which could potentially lead to a full compromise of the site's database. By exploiting this vulnerability, an attacker could gain access to sensitive information such as user credentials and confidential data. The attack does not require authentication, which makes it more dangerous: anyone who can reach the vulnerable input can carry it out. The SQL Injection could also be used to modify or delete database records, further impacting the integrity of the website. Implementing prepared statements and parameterized queries for all database interactions is crucial to mitigate such risks.

    Recommendations

    To mitigate this vulnerability, immediately apply security best practices such as prepared statements and input validation for all database interactions. Escaping user input before it is included in SQL queries is essential to prevent unauthorized command execution. Additionally, consider deploying a Web Application Firewall (WAF) to block exploit attempts, and regularly audit all installed plugins and update them with the latest security patches.
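The pattern described above, next to a hardened form, as an added example that is not the plugin's own code. The function names and the `example_reservations` table are hypothetical, and it assumes 'id' is meant to be a numeric record identifier read from the query string; `$wpdb`, `wp_unslash()` and `absint()` are WordPress core.

```php
<?php
// Added illustration, not the plugin's source. Function and table names are
// hypothetical; the advisory does not publish the affected code.

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so whatever arrives in 'id' becomes part of the statement.
function example_get_reservation_unsafe() {
    global $wpdb;
    $id    = $_GET['id'];
    $table = $wpdb->prefix . 'example_reservations'; // hypothetical table
    return $wpdb->get_row( "SELECT * FROM {$table} WHERE id = " . $id );
}

// Hardened pattern: validate the type first, then bind through a placeholder.
function example_get_reservation_safe() {
    global $wpdb;

    // Reject a missing parameter or an array-valued one (?id[]=...).
    if ( ! isset( $_GET['id'] ) || ! is_scalar( $_GET['id'] ) ) {
        return null;
    }
    $raw = (string) wp_unslash( $_GET['id'] );

    // Assumption: 'id' is a positive decimal integer. Anything else is
    // rejected outright rather than cleaned up. Escaping alone would not help
    // here: in an unquoted numeric context there are no quotes to escape.
    if ( ! ctype_digit( $raw ) ) {
        return null;
    }
    $id = absint( $raw );
    if ( 0 === $id ) {
        return null;
    }

    $table = $wpdb->prefix . 'example_reservations'; // hypothetical table
    // %d makes prepare() cast the bound value to an integer, so the query
    // structure is fixed regardless of what the request contained.
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $id )
    );
}
```

Because the endpoint is reachable without authentication, the validation and the placeholder both belong in the handler itself; a capability or nonce check elsewhere would not cover it.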

    Available Fixes

    Last Updated: 5/13/2026
    Jedar

    Jedar for Digital Rights is a non-profit organization dedicated to protecting digital freedoms, enhancing online privacy, and promoting secure digital practices for vulnerable communities worldwide.
