CVE-2023-0631

Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection

EPSS 60.5%CWE-89

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

Productos afectados

Unknown · Paid Memberships Pro

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/19ef92fd-b493-4488-91f0-e6ba51362f79