CVE-2023-23488

The repository contains a Python script that checks for the presence of an unauthenticated SQL injection vulnerability (CVE-2023-23488) in the Paid Memberships Pro WordPress plugin. It does not directly exploit the vulnerability but generates sqlmap commands for further exploitation.

This repository contains a functional Python script that tests for an unauthenticated time-based blind SQL injection vulnerability in the Paid Memberships Pro WordPress plugin (CVE-2023-23488). The script confirms vulnerability by measuring response delays and provides sqlmap commands for exploitation.

This script checks for the presence of an unauthenticated time-based blind SQL injection vulnerability in Paid Memberships Pro WordPress plugin versions < 2.9.8. It does not directly exploit the vulnerability but generates sqlmap commands for further exploitation.

The repository contains detailed technical analysis and proof-of-concept code for multiple WordPress plugin vulnerabilities, including SQL injection, CSV injection, and unauthenticated database reset. The README files provide in-depth explanations of the vulnerabilities, affected functions, and exploitation steps.

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress Paid Membership Pro plugin (CVE-2023-23488) via the `code` parameter to dump usernames and password hashes from the `wp_users` table.