CVE-2021-24728

Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection

EPSS 1.7%CWE-89

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 1.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 sep 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.

Productos afectados

Unknown · Membership & Content Restriction – Paid Member Subscriptions

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38 https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172