Lucene search

K
cvelistWPScanCVELIST:CVE-2023-0631
HistoryMar 20, 2023 - 3:52 p.m.

CVE-2023-0631 Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection

2023-03-2015:52:10
WPScan
www.cve.org
paid memberships pro
wordpress
plugin
sql injection
cve-2023-0631
subscriber

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

36.5%

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Paid Memberships Pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "1.5.5",
        "lessThan": "2.9.12"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

36.5%