CVE-2021-24728
N/A
N/A
Summary
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Membership & Content Restriction – Paid Member Subscriptions | 2.4.2 < 2.4.2 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172
- https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38
- https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions
References
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172
- https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38
- https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.