CVE-2021-24728 - Unspecified vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statements, leading to authenticated SQL injections in the Members and Payments pages.
Vulnerable Configurations
References
- https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions
- https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172