CVE-2023-0631

Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection

EPSS 60.5%CWE-89

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

Produtos afetados

Unknown · Paid Memberships Pro

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://wpscan.com/vulnerability/19ef92fd-b493-4488-91f0-e6ba51362f79