Vulnerabilities > Cozmoslabs > Membership Content Restriction Paid Member Subscriptions > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-13 CVE-2021-24728 SQL Injection vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
network
low complexity
cozmoslabs CWE-89
8.8