Vulnerability CVE-2023-0631
Published: 2023-03-20

Description:
The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

Type:

CWE-89

 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

 References:
https://wpscan.com/vulnerability/19ef92fd-b493-4488-91f0-e6ba51362f79
Copyright 2026, cxsecurity.com

 

Back to Top