CVE-2023-0631 Information

Description

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

Reference

https://wpscan.com/vulnerability/19ef92fd-b493-4488-91f0-e6ba51362f79