Lucene search
China National Vulnerability DatabaseCNVD-2022-82263HistoryMar 31, 2022 - 12:00 a.m.
Wordpress Plugin Paid Memberships Pro SQL Injection Vulnerability
2022-03-3100:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
0.03 Low
EPSS
Percentile
91.0%
WordPress is a set of blogging platforms developed using the PHP language by the WordPress (Wordpress) Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. SQL injection vulnerability exists in versions prior to Wordpress Plugin Paid Memberships Pro 2.6.7. The vulnerability stems from the plugin’s failure to escape discount_code in its REST route before SQL statements are used, which can be exploited by attackers to cause SQL injection.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress paid memberships pro | lt | 2.6.7 |
Related
patchstack
patchstack
prion
prion
Sql injection
2022-02-07 16:15:00
osv
osv
CVE-2021-25114
2022-02-07 16:15:46
cvelist
cvelist
wpvulndb
wpvulndb
Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection
2022-01-07 00:00:00
cve
cve
CVE-2021-25114
2022-02-07 16:15:46
cnvd
cnvd
Wordpress Plugin Paid Memberships Pro SQL Injection Vulnerability
2022-03-31 00:00:00
nuclei
nuclei
WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection
2023-02-06 12:09:04
openvas
openvas
WordPress Paid Memberships Pro Plugin < 2.6.7 SQLi Vulnerability
2022-02-22 00:00:00
nvd
nvd
CVE-2021-25114
2022-02-07 16:15:46
wpexploit
wpexploit
Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection
2022-01-07 00:00:00