CVE-2021-25114

Name of the Vulnerable Software and Affected Versions Paid Memberships Pro WordPress plugin versions prior to 2.6.7

Description The issue concerns a SQL injection problem. It occurs because the discount code is not properly escaped before being used in a SQL statement, specifically in one of the plugin's REST routes that is accessible to unauthenticated users.

Recommendations For versions prior to 2.6.7, update to version 2.6.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable REST route until the update can be applied.