CVE-2021-24728 - Unspecified vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions

CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statements, leading to authenticated SQL injections in the Members and Payments pages.

Vulnerable Configurations

Part | Description | Count
Application | Cozmoslabs | 142