2 vulnerabilities found for Membership & Content Restriction – Paid Member Subscriptions by Unknown
CVE-2021-24728 (GCVE-0-2021-24728)
Vulnerability from nvd – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:42
Title
Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection
Summary
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in a SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
Severity
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172 | x_refsource_MISC |
| https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38 | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Membership & Content Restriction – Paid Member Subscriptions | Affected: before 2.4.2 (record fields: version 2.4.2, lessThan 2.4.2, versionType custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.2",
"status": "affected",
"version": "2.4.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Martin Vierula of Trustwave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:56:44.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Paid Member Subscriptions \u003c 2.4.2 - Authenticated SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24728",
"STATE": "PUBLIC",
"TITLE": "Paid Member Subscriptions \u003c 2.4.2 - Authenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4.2",
"version_value": "2.4.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Martin Vierula of Trustwave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172",
"refsource": "MISC",
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
},
{
"name": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24728",
"datePublished": "2021-09-13T17:56:44.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24728 (GCVE-0-2021-24728)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:42
Title
Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection
Summary
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in a SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
Severity
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172 | x_refsource_MISC |
| https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38 | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Membership & Content Restriction – Paid Member Subscriptions | Affected: before 2.4.2 (record fields: version 2.4.2, lessThan 2.4.2, versionType custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.2",
"status": "affected",
"version": "2.4.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Martin Vierula of Trustwave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:56:44.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Paid Member Subscriptions \u003c 2.4.2 - Authenticated SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24728",
"STATE": "PUBLIC",
"TITLE": "Paid Member Subscriptions \u003c 2.4.2 - Authenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4.2",
"version_value": "2.4.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Martin Vierula of Trustwave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Membership \u0026 Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172",
"refsource": "MISC",
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
},
{
"name": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24728",
"datePublished": "2021-09-13T17:56:44.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}