
2 vulnerabilities found for Membership & Content Restriction – Paid Member Subscriptions by Unknown

CVE-2021-24728 (GCVE-0-2021-24728)

Vulnerability from nvd – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:42
Title
Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection
Summary
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in a SQL statement, leading to authenticated SQL injection in the Members and Payments pages.
Severity
No CVSS data available.
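CWE
CWE-89 SQL Injection
Assigner
WPScan
Impacted products
Membership & Content Restriction – Paid Member Subscriptions (vendor: Unknown), versions before 2.4.2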
Credits
Martin Vierula of Trustwave

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:42:16.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "2.4.2",
              "status": "affected",
              "version": "2.4.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Martin Vierula of Trustwave"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-13T17:56:44.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Paid Member Subscriptions \u003c 2.4.2 - Authenticated SQL Injection",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24728",
          "STATE": "PUBLIC",
          "TITLE": "Paid Member Subscriptions \u003c 2.4.2 - Authenticated SQL Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.4.2",
                            "version_value": "2.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Martin Vierula of Trustwave"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
            },
            {
              "name": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
            },
            {
              "name": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions",
              "refsource": "CONFIRM",
              "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24728",
    "datePublished": "2021-09-13T17:56:44.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:42:16.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24728 (GCVE-0-2021-24728)

Vulnerability from cvelistv5 – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:42
Title
Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection
Summary
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in a SQL statement, leading to authenticated SQL injection in the Members and Payments pages.
Severity
No CVSS data available.
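CWE
CWE-89 SQL Injection
Assigner
WPScan
Impacted products
Membership & Content Restriction – Paid Member Subscriptions (vendor: Unknown), versions before 2.4.2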
Credits
Martin Vierula of Trustwave

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:42:16.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "2.4.2",
              "status": "affected",
              "version": "2.4.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Martin Vierula of Trustwave"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-13T17:56:44.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Paid Member Subscriptions \u003c 2.4.2 - Authenticated SQL Injection",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24728",
          "STATE": "PUBLIC",
          "TITLE": "Paid Member Subscriptions \u003c 2.4.2 - Authenticated SQL Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.4.2",
                            "version_value": "2.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Martin Vierula of Trustwave"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
            },
            {
              "name": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
            },
            {
              "name": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions",
              "refsource": "CONFIRM",
              "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24728",
    "datePublished": "2021-09-13T17:56:44.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:42:16.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}