← voltar
CVE-2021-24728

Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection

EPSS 1.7%CWE-89
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
Produtos afetados
Unknown · Membership & Content Restriction – Paid Member Subscriptions

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptionshttps://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172