The plugin was affected by an authenticated SQL Injection when filtering users in the dashboard, as the order parameter was not properly validated/sanitised before being added to a SQL statement.
CPE | Name | Operator | Version |
---|---|---|---|
paid-memberships-pro | lt | 2.5.6 |