Lucene search
WPScanCVELIST:CVE-2021-25114HistoryFeb 07, 2022 - 3:47 p.m.
CVE-2021-25114 Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection
2022-02-0715:47:24
CWE-89
WPScan
www.cve.org
0.03 Low
EPSS
Percentile
91.0%
The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection
CNA Affected
[
{
"product": "Paid Memberships Pro",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.6.7",
"status": "affected",
"version": "2.6.7",
"versionType": "custom"
}
]
}
]Related
prion
prion
Sql injection
2022-02-07 16:15:00
patchstack
patchstack
osv
osv
CVE-2021-25114
2022-02-07 16:15:46
wpvulndb
wpvulndb
Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection
2022-01-07 00:00:00
cnvd
cnvd
Wordpress Plugin Paid Memberships Pro SQL Injection Vulnerability
2022-03-31 00:00:00
Wordpress Plugin Paid Memberships Pro SQL Injection Vulnerability
2022-03-31 00:00:00
cve
cve
CVE-2021-25114
2022-02-07 16:15:46
nuclei
nuclei
WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection
2023-02-06 12:09:04
openvas
openvas
WordPress Paid Memberships Pro Plugin < 2.6.7 SQLi Vulnerability
2022-02-22 00:00:00
nvd
nvd
CVE-2021-25114
2022-02-07 16:15:46
wpexploit
wpexploit
Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection
2022-01-07 00:00:00