Vulnerabilities

CVE-2021-20678

March 23, 2021

SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

Summary:

SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

Reference Links(if available):

https://www.paidmembershipspro.com/pmpro-update-2-5-6/

https://wordpress.org/plugins/paid-memberships-pro/

https://jvn.jp/en/jp/JVN08191557/index.html

CVSS Score (if available)

v2: / MEDIUM

v3: /

Links to Exploits(if available)

Tags: CVE, CVE-2021-20678, MISC, Vendor Advisory, vulnerability

CVE-2021-20678

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

T2 – 94,584 breached accounts

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

CISA: Joint Guidance on Deploying AI Systems Securely

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

T2 – 94,584 breached accounts

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

CISA: Joint Guidance on Deploying AI Systems Securely