Lucene search
K

5 matches found

OSV
OSV
added 2023/03/20 3:52 p.m.17 views

CVE-2023-0631 Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query...

8.8CVSS7.2AI score0.60452EPSS
Exploits2References4
Cvelist
Cvelist
added 2023/03/20 3:52 p.m.28 views

CVE-2023-0631 Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query...

9.2AI score0.60452EPSS
Exploits2References1
CVE
CVE
added 2023/03/20 3:52 p.m.79 views

CVE-2023-0631

The Paid Memberships Pro WordPress plugin (pre-2.9.12) is affected: subscribers can render shortcodes that concatenate attributes directly into an SQL query, due to insufficient input handling. This creates an SQL injection vulnerability with high impact. The issue is fixed in version 2.9.12; use...

8.8CVSS8.9AI score0.60452EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/20 3:52 p.m.9 views

CVE-2023-0631 Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query...

9AI score0.60452EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/02/28 12:0 a.m.10 views

WordPress Paid Memberships Pro Plugin <= 2.9.11 is vulnerable to SQL Injection

Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.9.11 Fixed in 2.9.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0631 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID c680ed84c0a0 Credits Marc Montpas Required privilege Subscribe...

8.8CVSS7.2AI score0.60452EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder