Vulnerabilities > Cozmoslabs > Membership Content Restriction Paid Member Subscriptions > 1.3.4

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-13	CVE-2021-24728	SQL Injection vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. network low complexity cozmoslabs CWE-89	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.