CVE-2021-24728
Summary
| CVE | CVE-2021-24728 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-09-13 18:15:00 UTC |
| Updated | 2022-12-20 22:03:00 UTC |
| Description | The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in a SQL statement, leading to authenticated SQL injection in the Members and Payments pages. |
Risk And Classification
Problem Types: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, 'SQL Injection')
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cozmoslabs | Membership Content Restriction - Paid Member Subscriptions | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Trustwave security advisory | MISC | www.trustwave.com | |
| WPScan vulnerability entry | MISC | wpscan.com | |
| WordPress plugin changeset (plugins.trac.wordpress.org) | CONFIRM | plugins.trac.wordpress.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Martin Vierula of Trustwave
There are currently no legacy QID mappings associated with this CVE.