Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection
CVE-2021-24728
8.8HIGH
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 13 September 2021
What is CVE-2021-24728?
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
Affected Version(s)
Membership & Content Restriction – Paid Member Subscriptions 2.4.2