CVE-2021-25114

CVE-2021-25114: Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection

Vendor: Unknown
Product: Paid Memberships Pro
Weakness: CWE-89 (SQLi)
Published: February 7, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST routes (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection.

Key dates

02 Disclosure timeline

February 7, 2022: CVE published
August 3, 2024: Record updated