CVE-2021-24728

HIGH

Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions < 2.4.2 - SQL Injection

Title source: rule
STIX 2.1

Description

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.

References (3)

Core 3

Scores

CVSS v3 8.8
EPSS 0.0171
EPSS Percentile 74.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
cozmoslabs/membership_\&_content_restriction_-_paid_member_subscriptions < 2.4.2
Published Sep 13, 2021
Tracked Since Feb 18, 2026