mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
981 B
981 B
CVE-2021-24728
Description
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
POC
Reference
- https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172
Github
No PoCs found on GitHub currently.