daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2023/CVE-2023-23488.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-03-07 16:52:58 -05:00
parent 2cf4e167a2
commit fdbe49059b
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2023/CVE-2023-23488.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2023-23488
info:
name: Paid Memberships Pro < 2.9.8 - Unauthenticated Blind SQLi
name: WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection
author: dwisiswant0
severity: critical
description: |
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.tenable.com/security/research/tra-2023-2
- https://wordpress.org/plugins/paid-memberships-pro/
@ -37,3 +37,5 @@ requests:
- status_code_1 != 403 # Wordfence
- contains(body_2, "pmpro_updates")
condition: and
# Enhanced by md on 2023/03/07