CVE-2021-25114
published 2022-02-07

Priority: P187
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit status: exploited in the wild (ITW exploit; VulnCheck KEV)
EPSS: 82.25% (99.6th percentile)
The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST routes (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection.

Affected (3 ranges)

Vendor           Product               Version range      Fixed in
strangerstudios  paid_memberships_pro  >= 2.4, < 2.4.5    2.4.5
strangerstudios  paid_memberships_pro  >= 2.5, < 2.5.11   2.5.11
strangerstudios  paid_memberships_pro  >= 2.6, < 2.6.7    2.6.7

Detection & IOCs (extracted from sources)

URL: /wp-json/pmpro/v1/order?code=
Sigma-style rule: contains(header_1, 'application/json') AND status_code == 200 AND contains(body_2, 'other_discount_code_')
  • The vulnerable REST route is accessible to unauthenticated users; monitor for SQL injection payloads in the 'discount_code' parameter of the Paid Memberships Pro REST endpoint.
  • Successful exploitation responses return HTTP 200 with Content-Type application/json and a body containing the string 'other_discount_code_'; use this as a detection fingerprint.
  • The vulnerability affects Paid Memberships Pro WordPress plugin versions before 2.6.7; ensure the patched version is deployed.
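The detection logic from the bullets above, run over sample web-server log lines, as an added example that is not from the page's sources. The route, parameter and 'other_discount_code_' response marker come from the page; the log format, the sample lines and the conservative SQL-metacharacter pattern are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Route and query parameter named on the page.
ROUTE = "/wp-json/pmpro/v1/order"
PARAM = "code"
# Response fingerprint named on the page for a successful request.
RESPONSE_MARKER = "other_discount_code_"
# Assumed, deliberately conservative indicators of SQL metacharacters/keywords
# in a discount code, which is normally a short alphanumeric token.
SQLI_PATTERN = re.compile(r"""['"`;]|--|/\*|\b(?:union|select|sleep|benchmark)\b""", re.I)
# Constructed log format: <client> "<method> <path>" <status> <content-type> "<body>"
LOG_RE = re.compile(r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
                    r'(?P<status>\d{3}) (?P<ctype>\S+) "(?P<body>.*)"$')

# Constructed sample lines: one legitimate lookup, one probe answered with the
# fingerprint, the same probe answered with an error, and a request with no code.
SAMPLE_LOG = '''\
203.0.113.5 "GET /wp-json/pmpro/v1/order?code=SUMMER10" 200 application/json "{"id":12,"code":"SUMMER10"}"
203.0.113.9 "GET /wp-json/pmpro/v1/order?code=SUMMER10%27--" 200 application/json "{"other_discount_code_1":"x"}"
203.0.113.9 "GET /wp-json/pmpro/v1/order?code=SUMMER10%27--" 500 text/html "<html>error</html>"
203.0.113.7 "GET /wp-json/pmpro/v1/order" 200 application/json "{}"
'''


def suspicious_request(method, path):
    """Return the decoded code if the request targets the route with SQLi indicators, else None."""
    parts = urlsplit(path)
    if parts.path.rstrip("/") != ROUTE:
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        decoded = unquote(value)  # second decode catches double-encoded values
        if SQLI_PATTERN.search(decoded):
            return decoded
    return None


def successful_exploit_response(status, content_type, body):
    """Match the page's fingerprint: HTTP 200, JSON content type, marker in body."""
    return status == 200 and "application/json" in content_type and RESPONSE_MARKER in body


def scan_log(text):
    """Return (client, verdict, code) tuples; verdict is 'success' or 'probe'."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        code = suspicious_request(m["method"], m["path"])
        if code is None:
            continue
        hit = successful_exploit_response(int(m["status"]), m["ctype"], m["body"])
        findings.append((m["ip"], "success" if hit else "probe", code))
    return findings
```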

CVSS provenance

NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD (v2.0): 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
VulnCheck: 9.8 CRITICAL