cvelist/2021/24xxx/CVE-2021-24728.json
2022-08-01 14:31:50 +02:00


{
"CVE_data_meta": {
"ID": "CVE-2021-24728",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Membership & Content Restriction \u2013 Paid Member Subscriptions",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.4.2",
"version_value": "2.4.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Membership & Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statements, leading to Authenticated SQL Injections in the Members and Payments pages."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172",
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"
},
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38",
"name": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions",
"name": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Martin Vierula of Trustwave"
}
],
"source": {
"discovery": "UNKNOWN"
}
}