CVE-2023-0631

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt