Security Advisory

CVE-2021-25114

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-07 15:47:24

Last updated 2024-08-03 19:56:10

Assigner WPScan

State PUBLISHED

Description

The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection

← Browse all CVEs View on cve.org ↗