CVE

CVE-2021-25114

admin

CVE-2021-25114

The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection

Source: CVE-2021-25114

Exit mobile version