CVE 2020-5579

SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.

See the CVE page on Mitre.org for more details.