CVE-2023-0254
The CVE-2023-0254 entry concerns the WordPress plugin Simple Membership WP user Import (versions up to 1.7). The root cause is insufficient escaping of the orderby parameter, enabling an authenticated administrator to inject SQL into existing queries and potentially extract sensitive data from th...