WordPress Plugin Vulnerabilities

Paid Membership Pro < 2.9.8 - Unauthenticated SQLi

Description

The plugin does not properly sanitise and escape the code parameter before using it in a SQL statement via the /pmpro/v1/order REST route, leading to a SQL injection exploitable by unauthenticated users

Proof of Concept

Affects Plugins

Plugin icon
paid-memberships-pro
Fixed in 2.9.8

References

CVE
CVE-2023-23488
URL
https://www.tenable.com/security/research/tra-2023-2

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.6 (high)

Miscellaneous

Original Researcher
Joshua Martinelle (Tenable)
Verified
No
WPVDB ID
9847ea7f-b3c3-4304-a03b-152264ddccfa

Timeline

Publicly Published
2023-01-12 (about 3 years ago)
Added
2023-01-20 (about 3 years ago)
Last Updated
2023-01-20 (about 3 years ago)

Other

Published
Title
Published
2023-09-25
Title
WPSchoolPress < 2.2.5 - Teacher+ SQLi
Published
2022-02-28
Title
NotificationX < 2.3.12 - Unauthenticated SQLi
Published
2026-01-20
Title
MailerLite – WooCommerce integration < 3.1.3 - Unauthenticated SQL Injection
Published
2025-10-08
Title
Community Events < 1.5.2 - Unauthenticated SQL Injection
Published
2021-01-29
Title
Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection