This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Blind SQL Injection in WordPress Plugin **Paid Memberships Pro**. <br>π₯ **Consequences**: Attackers can execute malicious SQL statements, potentially stealing sensitive data or modifying site content.
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: **CWE-89** (SQL Injection). <br>π **Flaw**: The plugin fails to sanitize/escape the **`discount_code`** parameter in a REST route before using it in a SQL query.
β‘ **Threshold**: **Low**. <br>π **Auth**: Likely unauthenticated or low-privilege access required, as it targets a public-facing REST route involving discount codes.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π **Public Exp?**: **Yes**. <br>π **PoC**: Available via **Nuclei templates** (ProjectDiscovery) and referenced in WPScan. Wild exploitation is possible.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: <br>1. Scan for **Paid Memberships Pro** plugin. <br>2. Check version number (< 2.6.7). <br>3. Use Nuclei template `CVE-2021-25114.yaml` for automated detection.
Q8Is it fixed officially? (Patch/Mitigation)
β **Fixed?**: **Yes**. <br>π οΈ **Patch**: Update to **version 2.6.7** or later. The security release addresses the input validation flaw.
Q9What if no patch? (Workaround)
π§ **No Patch Workaround**: <br>1. **Disable** the plugin immediately if update is impossible. <br>2. Implement **WAF rules** to block SQL injection patterns in the `discount_code` parameter.
Q10Is it urgent? (Priority Suggestion)
π₯ **Urgency**: **HIGH**. <br>β³ **Priority**: Patch immediately. Since it is a blind SQLi in a popular plugin, automated scanners and attackers are actively probing for this.