3 matches found
CVE-2021-24728
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages...
CVE-2021-24728 Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages...
CVE-2021-24728
The CVE-2021-24728 issue affects the WordPress plugin Membership & Content Restriction – Paid Member Subscriptions, specifically versions before 2.4.2. The root cause is that the plugin does not sanitise, validate, or escape the order and orderby parameters before using them in SQL statements, re...