
Vulnerability in WordPress plugin "Paid membership subscriptions" patched, protecting against SQL injections

Uncovered Critical SQL Injection Vulnerability in 'Paid Membership Subscriptions' WordPress Plugin Impacting Over 10,000 Websites: Versions 2.15.1 and older are affected by the identified flaw, CVE-2025-49870. This security loophole allows unauthorized SQL injection attacks, meaning malicious...


A critical security vulnerability has been discovered in the widely used WordPress plugin "Paid Membership Subscriptions." The flaw, identified by security researcher ChuongVN from Patchstack Alliance, allows unauthenticated SQL injection attacks, potentially putting sensitive data at risk.

The vulnerability (CVE-2025-49870) arises during the processing of PayPal Instant Payment Notifications (IPN). The plugin extracts a payment ID directly from user-submitted data and inserts it into a database query without validation, making it susceptible to SQL injection. This could enable attackers to view sensitive data or modify existing datasets through targeted manipulation.

Versions 2.15.1 and older are affected by this vulnerability. However, with the update to version 2.15.2, developers have implemented measures such as ensuring the payment ID is numeric before use, replacing vulnerable query concatenation with prepared SQL statements, and strengthening security checks during user input processing.

Prepared statements are the safest method of preventing SQL injection, as they handle each variable individually and so effectively eliminate the risk of SQL injection. Patchstack also recommends always using secure escape functions and checking user inputs before SQL query execution.
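To make the vulnerable pattern and the fix described above concrete, here is an added illustration written for this article; it is not the plugin's own code. It assumes a WordPress runtime (so `$wpdb` and `absint()` exist), and the table name `pms_payments` and the IPN field name `custom` are assumptions, not taken from the plugin.

```php
<?php
// Added example, not code from the Paid Membership Subscriptions plugin.
// Assumptions: runs inside WordPress; table {$wpdb->prefix}pms_payments and the
// IPN field 'custom' are placeholders chosen for the illustration.

// Vulnerable shape: the payment id arrives in the PayPal IPN request body and is
// spliced straight into the SQL text, so whatever the sender supplies becomes
// part of the query. This mirrors the flaw described in the article.
function pms_example_lookup_payment_vulnerable( array $ipn_data ) {
    global $wpdb;
    $payment_id = $ipn_data['custom'] ?? '';
    $sql = "SELECT * FROM {$wpdb->prefix}pms_payments WHERE id = " . $payment_id;
    return $wpdb->get_row( $sql );
}

// Hardened shape, following the two measures the 2.15.2 update applied:
// 1. ensure the id is numeric before use;
// 2. replace string concatenation with $wpdb->prepare() and a %d placeholder.
function pms_example_lookup_payment_hardened( array $ipn_data ) {
    global $wpdb;

    // absint() coerces to a non-negative integer; anything that is not a valid
    // positive id (letters, quotes, empty string) collapses to 0 and is rejected.
    $payment_id = isset( $ipn_data['custom'] ) ? absint( $ipn_data['custom'] ) : 0;
    if ( 0 === $payment_id ) {
        return null;
    }

    // $wpdb->prepare() substitutes the %d placeholder with the integer value and
    // returns the finished SQL string; the untrusted value never reaches the
    // query as raw text. Note that this is client-side placeholder handling,
    // not a server-side prepared statement, so the type check above is still
    // worthwhile as defence in depth.
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}pms_payments WHERE id = %d",
        $payment_id
    );
    return $wpdb->get_row( $sql );
}
```

For an IPN-style handler the numeric check also gives you a clean place to log and drop malformed notifications before any database access happens.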

Website operators using the "Paid Membership Subscriptions" plugin are advised to update to version 2.15.2 immediately to protect their sites from potential attacks.

In other news, Israel's National Digital Agency has unveiled a global cyber attack campaign named "ShadowCaptcha." Further details about this campaign were not provided in the available sources.

It's also worth noting that end of support for older WordPress installations, specifically versions 4.1 to 4.6, has been announced. Action is required for these older installations to ensure continued security.


SQL injection can compromise entire databases, making it one of the most serious web security issues. It's crucial for all WordPress users to stay vigilant and keep their plugins updated to maintain the security of their websites.
