Vulnerability in Paid Memberships Pro

CVE-2023-0631

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

EPSS: 0.597 (98.3rd percentile)

Affected products

  • Unknown Paid Memberships Pro — versions 1.5.5

Frequently asked questions

What is CVE-2023-0631?
CVE-2023-0631 is a vulnerability in Paid Memberships Pro, classified under CWE-89 (SQL Injection). Published 2023-03-20.
Is CVE-2023-0631 known to be exploited?
1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.