CVE-2021-25114 Scanner

CVE-2021-25114 scanner - SQL Injection vulnerability in Paid Memberships Pro plugin for WordPress

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

Paid Memberships Pro is a popular WordPress plugin used for managing membership sites. It provides various features like creating and managing membership levels, handling payments, and restricting access to content. With over 100,000 active installations, this plugin is widely used by many companies and organizations to provide their users with exclusive content and services.

Recently, a vulnerability tracked as CVE-2021-25114 was detected in the Paid Memberships Pro plugin. It affects a REST route of the plugin that is accessible to unauthenticated users. The plugin does not properly escape the discount code parameter before using it in a SQL statement, which leads to SQL injection. This vulnerability allows attackers to inject malicious SQL queries into the database, which can compromise the security of the application and sensitive user data.
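The flaw class described above, shown as an added illustration that is not the plugin's own code: a discount-code lookup that pastes the request parameter into the SQL text, next to the same lookup with a bound parameter and format validation. The table, rows, function names, the sample input and the allowed code format are constructed for the example, and SQLite stands in for the WordPress database.

```python
import re
import sqlite3

HOSTILE = "' OR '1'='1"          # constructed input containing SQL syntax
CODE_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")  # assumed format of a valid code


def make_db():
    """In-memory table with constructed rows (not the plugin's schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE discount_codes (code TEXT, percent INTEGER)")
    db.executemany("INSERT INTO discount_codes VALUES (?, ?)",
                   [("SPRING10", 10), ("STAFF100", 100)])
    return db


def lookup_unescaped(db, discount_code):
    """Flawed pattern: the parameter becomes part of the SQL text."""
    sql = ("SELECT code, percent FROM discount_codes "
           f"WHERE code = '{discount_code}' ORDER BY percent")
    return db.execute(sql).fetchall()


def lookup_bound(db, discount_code):
    """Fixed pattern: the parameter is bound and can only ever be data."""
    sql = ("SELECT code, percent FROM discount_codes "
           "WHERE code = ? ORDER BY percent")
    return db.execute(sql, (discount_code,)).fetchall()


def handle_request(db, params):
    """Unauthenticated handler: validate the format, then use the bound query."""
    code = params.get("discount_code", "")
    if not isinstance(code, str) or not CODE_RE.fullmatch(code):
        return {"status": 400, "rows": []}
    return {"status": 200, "rows": lookup_bound(db, code)}


if __name__ == "__main__":
    db = make_db()
    print("unescaped:", lookup_unescaped(db, HOSTILE))   # every row matches
    print("bound:    ", lookup_bound(db, HOSTILE))       # no row matches
    print("handler:  ", handle_request(db, {"discount_code": HOSTILE}))
```

In WordPress code the bound form corresponds to building the statement with `$wpdb->prepare()` rather than string concatenation.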

Exploiting this vulnerability can lead to severe consequences for a website. Attackers can steal sensitive user information like usernames, emails, and passwords stored in the database. They can also alter or delete data, damage the website's functionality, or even take full control of the website. As a result, users' trust in the company or organization can be severely impacted, leading to a loss of business and reputation.

In conclusion, the Paid Memberships Pro plugin vulnerability CVE-2021-25114 is a severe security risk for websites using this plugin. To ensure the safety and security of their digital assets, website administrators must take necessary precautions and implement proper security measures. With the pro features of s4e.io, users can easily and quickly learn about vulnerabilities in their digital assets, including the Paid Memberships Pro plugin. Being aware of such vulnerabilities can help users take necessary steps to protect their website and prevent potential threats.

 
