Security Advisory

CVE-2021-24728

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-13 17:56:44

Last updated 2024-08-03 19:42:16

Assigner WPScan

State PUBLISHED

Description

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.

← Browse all CVEs View on cve.org ↗