CVE-2023-0631

Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection

EPSS 60.5%CWE-89

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

Affected products

Unknown · Paid Memberships Pro

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/19ef92fd-b493-4488-91f0-e6ba51362f79