50 thousand WordPress sites use Paid membership WP Plugin & suffer from SQL injection & CSRF to stored XSS

css.php