CVE-2021-25114

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to perform SQL injection against WordPress sites running Paid Memberships Pro before version 2.6.7. The injection point is the discount_code parameter of a REST API endpoint that requires no login, so an attacker with network access to the site can read, modify, or delete database content, including member records and user credentials. Every site running an affected version is exposed.

💻 Affected Systems

Products:
  • Paid Memberships Pro WordPress Plugin
Versions: All versions before 2.6.7
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable code is reached through a REST endpoint that is open to unauthenticated users, so every installation of an affected version is exposed regardless of configuration; no account, membership, or valid discount code is needed.

📦 What is this software?

Paid Memberships Pro is a WordPress plugin for selling memberships and subscriptions. It stores member levels, orders, and discount codes in the site's WordPress database and exposes parts of that data through its own REST API routes under the pmpro/v1 namespace.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise: theft of all stored data, privilege escalation (for example by altering or inserting an administrator account), and from there site takeover and code execution through the WordPress admin interface.

🟠 Likely Case

Exfiltration of user information, membership and order data, and password hashes from the wp_users table.

🟢 If Mitigated

Limited impact if the endpoint is blocked or a WAF stops injection attempts. WAF signatures can be bypassed with encoding and comment tricks, so treat this as a stopgap; only the patched version removes the injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via the discount_code parameter of the /wp-json/pmpro/v1/order REST endpoint. No authentication is needed and the payload is a single HTTP request, so exploitation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.7

Vendor Advisory: https://www.paidmembershipspro.com/pmpro-update-2-6-7-security-release/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Paid Memberships Pro.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 2.6.7 or later from WordPress.org and update manually.

🔧 Temporary Workarounds

Disable vulnerable REST endpoint

Platform: all

Remove or restrict access to the affected REST API endpoint until patching is possible.

Add to theme's functions.php: remove_action('rest_api_init', 'pmpro_rest_api_init');

Caveat: remove_action only works if the callback name and priority match what the installed plugin version actually registers, and if the plugin has already added the action by the time functions.php runs; otherwise the call silently does nothing. Verify the hook name against the plugin's source and then confirm the route is gone by requesting /wp-json/pmpro/v1/order and expecting a rest_no_route error. Blocking the route at the web server or WAF (below) does not depend on hook timing.

Web Application Firewall rule

Platform: all

Block SQL injection attempts targeting the discount_code parameter in REST requests.

WAF rule: Block requests to /wp-json/pmpro/v1/order whose discount_code parameter contains SQL injection patterns. The rule must match after URL decoding (payloads arrive as %27, %20UNION%20SELECT, and may be double-encoded), inspect the parameter in both the query string and the request body, and also cover the permalink-free form of the same route, /?rest_route=/pmpro/v1/order.

🧯 If You Can't Patch

  • Temporarily disable the Paid Memberships Pro plugin if it is not critically needed
  • Implement strict network-level filtering to block external access to /wp-json/pmpro/* endpoints, and to the equivalent /?rest_route=/pmpro/ form that WordPress serves when pretty permalinks are disabled

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin > Plugins > Installed Plugins for Paid Memberships Pro version. If version is below 2.6.7, system is vulnerable.

Check Version:

wp plugin list --name=paid-memberships-pro --field=version

Verify Fix Applied:

Confirm plugin version is 2.6.7 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in the WordPress debug log (only written when WP_DEBUG and WP_DEBUG_LOG are enabled) or in the database server's error log
  • Multiple REST API requests to /wp-json/pmpro/v1/order (or /?rest_route=/pmpro/v1/order) with SQL patterns in the discount_code parameter, especially bursts from one source address or requests with unusually large responses

Network Indicators:

  • HTTP requests to /wp-json/pmpro/v1/order (or /?rest_route=/pmpro/v1/order) with SQL metacharacters or keywords (', UNION, SELECT, SLEEP, --) in the discount_code parameter; check the query string and, where your proxy logs capture it, the POST body, and decode percent-encoding before matching

SIEM Query:

source="access.log" ("/wp-json/pmpro/v1/order" OR "rest_route=/pmpro/v1/order" OR "rest_route=%2Fpmpro%2Fv1%2Forder") "discount_code" AND ("'" OR "%27" OR "UNION" OR "SELECT" OR "SLEEP" OR "--")

This keyword match runs on raw log text, so it only sees encoded forms you list explicitly; normalise (URL-decode) the field in the SIEM where possible and scope the search to the order route to avoid matching every page that mentions SELECT.
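The detection logic described above, carried through as an added example that is not part of the advisory or of the Paid Memberships Pro project: it parses combined-format access-log lines, recognises both URL forms of the pmpro/v1/order route, URL-decodes the discount_code value (twice, to catch double encoding) and flags values that look like injection. The log lines are constructed for illustration, and the SQL-pattern heuristic is an assumption about what legitimate discount codes look like (alphanumeric), not a rule from the vendor.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Added example (not from the advisory or the Paid Memberships Pro project):
# flag access-log requests to the PMPro order REST route whose discount_code
# parameter looks like a SQL injection attempt.

# Combined log format (Apache/nginx default):
#   ip ident user [time] "METHOD TARGET PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)

# The route as WordPress names it; reachable as /wp-json/pmpro/v1/order with
# pretty permalinks, or as /?rest_route=/pmpro/v1/order without them.
ORDER_ROUTE = "/pmpro/v1/order"

# Heuristic (assumption): real discount codes are alphanumeric, so quotes,
# comment markers and common injection keywords are all worth an alert.
SQLI_RE = re.compile(
    r"""['"`;]|--|/\*|#|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|"""
    r"""\b(?:or|and)\b\s+\d+\s*=\s*\d+""",
    re.IGNORECASE,
)


def route_of(target):
    """Return the REST route a URL target addresses, or None.

    Handles WordPress installed in a subdirectory (/blog/wp-json/...) and the
    ?rest_route= fallback used when pretty permalinks are off.
    """
    parts = urlsplit(target)
    path = parts.path.rstrip("/")
    idx = path.find("/wp-json/")
    if idx >= 0:
        return path[idx + len("/wp-json"):]
    routes = parse_qs(parts.query).get("rest_route")
    return routes[0].rstrip("/") if routes else None


def discount_codes(target):
    """All discount_code values in the query string, decoded a second time so
    double-encoded payloads (%2527 -> %27 -> ') are seen in plain form."""
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return [unquote_plus(v) for v in qs.get("discount_code", [])]


def classify(line):
    """Record for a request to the order route, or None for any other line.

    Access logs do not contain POST bodies, so a body-borne discount_code is
    invisible here; that case needs the WAF or application-level logging.
    """
    m = LOG_RE.match(line)
    if not m or route_of(m["target"]) != ORDER_ROUTE:
        return None
    codes = discount_codes(m["target"])
    return {
        "ip": m["ip"],
        "method": m["method"],
        "status": int(m["status"]),
        "discount_code": codes,
        "suspicious": any(SQLI_RE.search(c) for c in codes),
    }


def scan(lines):
    """Records for every request to the order route; filter on 'suspicious' to alert."""
    return [r for r in (classify(line) for line in lines) if r is not None]


# Constructed sample lines (not real traffic): one legitimate lookup, a UNION
# read of wp_users, a time-based probe through the rest_route fallback, an
# unrelated REST call, and a double-encoded boolean payload.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Jan/2022:12:00:01 +0000] "GET /wp-json/pmpro/v1/order?code=ab12cd&discount_code=SPRING10 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2022:12:00:05 +0000] "GET /wp-json/pmpro/v1/order?code=x&discount_code=x%27%20UNION%20SELECT%20user_login,user_pass,3,4%20FROM%20wp_users--%20- HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Jan/2022:12:00:09 +0000] "POST /?rest_route=%2Fpmpro%2Fv1%2Forder&discount_code=x%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 500 0',
    '203.0.113.11 - - [10/Jan/2022:12:00:12 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9120',
    '198.51.100.7 - - [10/Jan/2022:12:00:20 +0000] "GET /wp-json/pmpro/v1/order/?discount_code=x%2527%2520OR%25201%253D1--%2520- HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        if rec["suspicious"]:
            print(f"ALERT {rec['ip']} {rec['method']} status={rec['status']} "
                  f"discount_code={rec['discount_code']!r}")
```

Run against the sample, three of the four order-route requests are flagged and the legitimate SPRING10 lookup is not. Matching on the decoded value rather than the raw log text is what makes the double-encoded fifth line visible; the same decoding step belongs in any SIEM or WAF rule you derive from this.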

🔗 References

  • Vendor advisory: https://www.paidmembershipspro.com/pmpro-update-2-6-7-security-release/
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-25114