What the vulnerability does
01 Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions (paid-member-subscriptions) allows SQL Injection. This issue affects Paid Member Subscriptions: from n/a through <= 2.15.1.
Explanation of Vulnerability in Simple Terms
02 Summary
Paid Member Subscriptions versions up to 2.15.1 contain a SQL injection vulnerability in database query handling. An attacker with network access can craft malicious input to extract sensitive data from the site's database, including user credentials and subscription information. The vulnerability requires specific conditions to exploit but can compromise confidentiality across the entire application.
What an attacker can do
03 Attacker Capabilities
Extract sensitive data from the site's database, including user credentials and subscription records.
Potential impact on your site
04 Site Impact
User data, passwords, and subscription information may be exposed to unauthorized access.
Conditions required to exploit
05 Prerequisites
Network access; no authentication or user interaction required, but exploitation requires specific technical conditions.
Key dates
06 Disclosure timeline
July 4, 2025: CVE published
May 12, 2026: Record updated