WordPress is a set of blogging platforms developed using the PHP language by the WordPress (Wordpress) Foundation. A SQL injection vulnerability exists in versions of Wordpress Plugin Paid Memberships Pro prior to 2.6.7, which stems from the plugin’s failure to escape the discount_code in one of its REST routes (available to unauthenticated users) before it is used in an SQL statement. statements.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress paid memberships pro plugin | lt | 2.6.7 |