CVE-2018-11309

Published: 2018-05-28T16:29Z

Last Modified: 2024-11-21T03:43Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt