5 matches found
CVE-2023-0631 Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection
The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query...
CVE-2023-0631 Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection
The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query...
CVE-2023-0631
The Paid Memberships Pro WordPress plugin (pre-2.9.12) is affected: subscribers can render shortcodes that concatenate attributes directly into an SQL query, due to insufficient input handling. This creates an SQL injection vulnerability with high impact. The issue is fixed in version 2.9.12; use...
CVE-2023-0631 Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection
The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query...
WordPress Paid Memberships Pro Plugin <= 2.9.11 is vulnerable to SQL Injection
Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.9.11 Fixed in 2.9.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0631 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID c680ed84c0a0 Credits Marc Montpas Required privilege Subscribe...