A critical SQL injection vulnerability was found in the WordPress Paid Membership Subscriptions plugin, affecting versions 2.15.1 and below. The issue is fixed in version 2.15.2, which underscores the importance of updating. #WordPress #SQLInjection
Key points
- The vulnerability affects plugin versions 2.15.1 and earlier.
- The flaw was caused by improper handling of PayPal IPN data, leading to SQL injection risks.
- Attackers can inject malicious SQL queries without needing login credentials.
- The developers addressed the flaw in version 2.15.2 by adopting prepared statements and input validation.
- Site owners are urged to upgrade immediately to prevent potential exploitation.
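
An added example, not the plugin's own code, of the fix pattern named in the key points (input validation plus a prepared statement) beside the concatenated query it replaces. The in-memory SQLite table, the `payment_id` field, the sample values and the function names are assumptions made for the demo; inside WordPress the same binding is normally done with `$wpdb->prepare()`.

```php
<?php
// Constructed demo: an in-memory SQLite table stands in for the site database.
// Table, column and IPN field names are hypothetical, not the plugin's own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE payments (id INTEGER PRIMARY KEY, user_id INTEGER, status TEXT)');
$db->exec("INSERT INTO payments VALUES (1, 10, 'pending'), (2, 11, 'pending'), (3, 12, 'completed')");

// BEFORE: the IPN field is concatenated into the SQL text, so its content
// is parsed as SQL instead of being treated as a value.
function find_payment_unsafe(PDO $db, array $ipn): array {
    $sql = 'SELECT id, user_id, status FROM payments WHERE id = ' . $ipn['payment_id'];
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: validate the field as a positive integer, then bind it as a parameter.
function find_payment_safe(PDO $db, array $ipn): array {
    $id = filter_var(
        $ipn['payment_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return []; // missing field or anything that is not a plain positive integer
    }
    $stmt = $db->prepare('SELECT id, user_id, status FROM payments WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed IPN-style inputs: one well-formed, one carrying SQL in the field.
$samples = [
    ['payment_id' => '2'],
    ['payment_id' => '2 OR 1=1'],
];

foreach ($samples as $ipn) {
    printf(
        "%-10s unsafe=%d row(s)  safe=%d row(s)\n",
        $ipn['payment_id'],
        count(find_payment_unsafe($db, $ipn)),
        count(find_payment_safe($db, $ipn))
    );
}
```

Run it with the PHP CLI (the `pdo_sqlite` extension must be enabled) and compare the row counts the two functions report for each input.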
Read More: https://www.infosecurity-magazine.com/news/sqli-threat-wordpress-memberships/