CVE-2023-23488

🗓️ 20 Jan 2023 00:00:00Reported by tenableType

cve🔗 web.nvd.nist.gov👁 217 Views🌐 WEB

The Paid Memberships Pro WordPress Plugin is affected by an unauthenticated SQL injection vulnerability

Reporter	Title	Published	Views	Family All 21
0day.today	WordPress Paid Memberships Pro v2.9.8 Plugin - Unauthenticated SQL Injection Exploit	3 Apr 202300:00	–	zdt
Circl	CVE-2023-23488	15 Jan 202309:28	–	circl
CNNVD	WordPress Plugin The Paid Memberships Pro SQL注入漏洞	20 Jan 202300:00	–	cnnvd
Cvelist	CVE-2023-23488	20 Jan 202300:00	–	cvelist
Exploit DB	Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection	3 Apr 202300:00	–	exploitdb
Metasploit	Wordpress Paid Membership Pro code Unauthenticated SQLi	19 Jan 202319:51	–	metasploit
Nuclei	WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection	2 Jun 202610:14	–	nuclei
NVD	CVE-2023-23488	20 Jan 202318:15	–	nvd
OpenVAS	WordPress Paid Memberships Pro Plugin < 2.9.8 SQLi Vulnerability	23 Jan 202300:00	–	openvas
Packet Storm	WordPress Paid Memberships Pro 2.9.8 SQL Injection	3 Apr 202300:00	–	packetstorm

NVD

Node

strangerstudios paid_memberships_proRange<2.9.8wordpress

[
  {
    "vendor": "n/a",
    "product": "Paid Memberships Pro WordPress Plugin",
    "versions": [
      {
        "version": "< 2.9.8",
        "status": "affected"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/171661/WordPress-Paid-Memberships-Pro-2.9.8-SQL-Injection.html
tenable	www.tenable.com/security/research/tra-2023-2

Parameter	Position	Path	Description	CWE
code	query param	/?rest_route=/pmpro/v1/order	Unauthenticated SQL injection in Paid Memberships Pro REST route via the code parameter	CWE-89

03 Apr 2025 20:15Current

9.6High risk

Vulners AI Score9.6

CVSS 3.19.8

EPSS0.83832

SSVC

CWE-89