CVE-2023-23488
Description
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
NVD
Severity: CRITICAL
CVE ID: CVE-2023-23488
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-23488
Refrence: Project Discovery GitHub
r3nt0n
Unauthenticated SQL Injection - Paid Memberships Pro < 2.9.8 (WordPress Plugin)
Refrence: GitHub
cybfar
Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection
Refrence: GitHub