CVE-2020-5579

HIGH

Paid Memberships <2.3.3 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN20248858/index.html

Scores

CVSS v3 7.2
EPSS 0.0119
EPSS Percentile 64.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
strangerstudios/paid_memberships_pro < 2.3.3
Published May 20, 2020
Tracked Since Feb 18, 2026