WordPress is a set of blogging platforms developed using the PHP language by the WordPress (Wordpress) Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. SQL injection vulnerability exists in versions prior to Wordpress Plugin Paid Memberships Pro 2.6.7. The vulnerability stems from the plugin’s failure to escape discount_code in its REST route before SQL statements are used, which can be exploited by attackers to cause SQL injection.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress paid memberships pro | lt | 2.6.7 |