CVE-2021-20678

HIGH

Paid Memberships Pro <2.5.6 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

References (3)

Core 3
Core References
Product, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/paid-memberships-pro/
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN08191557/index.html

Scores

CVSS v3 8.8
EPSS 0.0204
EPSS Percentile 79.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
strangerstudios/paid_memberships_pro < 2.5.6
Published Mar 18, 2021
Tracked Since Feb 18, 2026