← Back to CVE List
CVE-2021-25114
The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt