CVE-2021-20678

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGH
EPSS
2.5%
top 14.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Strangerstudios Paid Memberships PROStranger Studios Paid Memberships PRO
Timeline
PublishedMar 18
Latest updateMay 24

Description

SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5stranger_studios/paid_memberships_proversions prior to 2.5.6

🔴Vulnerability Details

2
GHSA
GHSA-5hfp-hw26-8838: SQL injection vulnerability in the Paid Memberships Pro versions prior to 22022-05-24
CVEList
CVE-2021-20678: SQL injection vulnerability in the Paid Memberships Pro versions prior to 22021-03-18
CVE-2021-20678 (HIGH CVSS 8.8) | SQL injection vulnerability in the | cvebase.io