CVE-2023-23488

Tags: Critical · Exploited · Nuclei · Lab

Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection via Order REST Route Code Parameter


Exploitation Summary

CVE-2023-23488 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including r3nt0n, cybfar and long-rookie, as well as a Metasploit module, auxiliary/scanner/http/wp_paid_membership_pro_code_sqli. A Nuclei detection template is also available.

AI-analyzed exploit summary: This script checks for the presence of an unauthenticated time-based blind SQL injection vulnerability in Paid Memberships Pro WordPress plugin versions < 2.9.8. It does not directly exploit the vulnerability but generates sqlmap commands for further exploitation.

Description

The Paid Memberships Pro WordPress plugin, in versions before 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.

Exploits (5)

exploitdb · SCANNER · VERIFIED
by r3nt0n · python · webapps · php
https://www.exploit-db.com/exploits/51235

This script checks for the presence of an unauthenticated time-based blind SQL injection vulnerability in Paid Memberships Pro WordPress plugin versions < 2.9.8. It does not directly exploit the vulnerability but generates sqlmap commands for further exploitation.

Classification: Scanner (95%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Paid Memberships Pro WordPress Plugin < 2.9.8
No auth needed
Prerequisites: Target URL with vulnerable Paid Memberships Pro plugin
devstral-2 · analyzed Feb 16, 2026
nomisec · SCANNER · 1 star
by cybfar · remote
https://github.com/cybfar/CVE-2023-23488-pmpro-2.8

The repository contains a Python script that checks for the presence of an unauthenticated SQL injection vulnerability (CVE-2023-23488) in the Paid Memberships Pro WordPress plugin. It does not directly exploit the vulnerability but generates sqlmap commands for further exploitation.

Classification: Scanner (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Paid Memberships Pro WordPress Plugin < 2.9.8
No auth needed
Prerequisites: Target running WordPress with vulnerable Paid Memberships Pro plugin
devstral-2 · analyzed Feb 18, 2026
nomisec · WORKING POC
by long-rookie · poc
https://github.com/long-rookie/CVE-2023-23488-PoC

This repository contains a functional Python script that tests for an unauthenticated time-based blind SQL injection vulnerability in the Paid Memberships Pro WordPress plugin (CVE-2023-23488). The script confirms vulnerability by measuring response delays and provides sqlmap commands for exploitation.

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Paid Memberships Pro < 2.9.8 (WordPress Plugin)
No auth needed
Prerequisites: Target running WordPress with vulnerable Paid Memberships Pro plugin · Network access to the target
devstral-2 · analyzed Feb 18, 2026
vulncheck_xdb · WRITEUP
remote
https://github.com/Manh130902/wordpress

The repository contains detailed technical analysis and proof-of-concept code for multiple WordPress plugin vulnerabilities, including SQL injection, CSV injection, and unauthenticated database reset. The README files provide in-depth explanations of the vulnerabilities, affected functions, and exploitation steps.

Classification: Writeup (95%)
Attack Type: SQLi | Auth Bypass | Other
Complexity: Moderate
Reliability: Reliable
Target: WordPress plugins (wpstatistics, Import Export WordPress Users, Database Reset)
Auth required
Prerequisites: access to WordPress admin panel · specific plugin versions
devstral-2 · analyzed Feb 25, 2026
metasploit · WORKING POC
by h00die, Joshua Martinelle · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_paid_membership_pro_code_sqli.rb

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress Paid Membership Pro plugin (CVE-2023-23488) via the `code` parameter to dump usernames and password hashes from the `wp_users` table.

Classification: Working PoC (100%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WordPress Paid Membership Pro < 2.9.8
No auth needed
Prerequisites: WordPress installation with vulnerable Paid Membership Pro plugin
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

WordPress Paid Memberships Pro < 2.9.8 - Blind SQL Injection
CRITICAL · VERIFIED · by dwisiswant0
Shodan: http.html:/wp-content/plugins/paid-memberships-pro/
FOFA: body=/wp-content/plugins/paid-memberships-pro/

Scores

CVSS v3: 9.8
EPSS: 0.8383
EPSS Percentile: 99.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

VulnCheck KEV: 2023-01-14
CWE: CWE-89
Status: published
Products (1): strangerstudios/paid_memberships_pro < 2.9.8
Published: Jan 20, 2023
Tracked Since: Feb 18, 2026