CVE-2021-24728

Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection

EPSS 1.7%CWE-89

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.

Productos afectados

Unknown · Membership & Content Restriction – Paid Member Subscriptions

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38 https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172