Vulnerabilities > Cozmoslabs > Membership Content Restriction Paid Member Subscriptions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-02 | CVE-2024-9222 | Cross-site Scripting vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. | 6.1 |
| 2021-09-13 | CVE-2021-24728 | SQL Injection vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. | 8.8 |