CVE-2021-24728

Summary

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.

Affected Software

VendorProductVersion RangeStatus
UnknownMembership & Content Restriction – Paid Member Subscriptions2.4.2 < 2.4.2affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References