← voltar
CVE-2021-24728

Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection

EPSS 1.7%CWE-89
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 1.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 set 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
Produtos afetados
Unknown · Membership & Content Restriction – Paid Member Subscriptions

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptionshttps://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172