WordPress Plugin Vulnerabilities

Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection

Description

The plugin does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection

Proof of Concept

Affects Plugins

Plugin icon
paid-memberships-pro
Fixed in 2.6.7

References

CVE
CVE-2021-25114
URL
https://www.paidmembershipspro.com/pmpro-update-2-6-7-security-release/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
10.0 (critical)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
6c25a5f0-a137-4ea5-9422-8ae393d7b76b

Timeline

Publicly Published
2022-01-07 (about 3 years ago)
Added
2022-01-07 (about 3 years ago)
Last Updated
2022-04-12 (about 3 years ago)

Other

Published
Title
Published
2024-10-14
Title
CSV Product Import Export for WooCommerce <= 1.0.0 - Authenticated (Subscriber+) SQL Injection
Published
2022-10-03
Title
WP ALL Export Pro < 1.7.9 - Authenticated SQLi
Published
2019-05-20
Title
FV Flowplayer Video Player < 7.3.15.727 - SQL Injection
Published
2025-01-08
Title
WooCommerce Checkout & Funnel Builder by FunnelKit < 3.10.2 - Admin+ SQL Injection
Published
2023-12-28
Title
Most And Least Read Posts Widget <=2.5.16 - Authenticated(Contributor+) SQL Injection via Widget settings