The Paid Memberships Pro WordPress plugin prior to 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
strangerstudios paid memberships pro |