{"containers":{"cna":{"affected":[{"product":"Membership & Content Restriction – Paid Member Subscriptions","vendor":"Unknown","versions":[{"lessThan":"2.4.2","status":"affected","version":"2.4.2","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Martin Vierula of Trustwave"}],"descriptions":[{"lang":"en","value":"The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 SQL Injection","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-09-13T17:56:44.000Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"},{"tags":["x_refsource_MISC"],"url":"https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"},{"tags":["x_refsource_CONFIRM"],"url":"https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"}],"source":{"discovery":"UNKNOWN"},"title":"Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection","x_generator":"WPScan CVE Generator","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"contact@wpscan.com","ID":"CVE-2021-24728","STATE":"PUBLIC","TITLE":"Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Membership & Content Restriction – Paid Member Subscriptions","version":{"version_data":[{"version_affected":"<","version_name":"2.4.2","version_value":"2.4.2"}]}}]},"vendor_name":"Unknown"}]}},"credit":[{"lang":"eng","value":"Martin Vierula of Trustwave"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."}]},"generator":"WPScan CVE Generator","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89 SQL Injection"}]}]},"references":{"reference_data":[{"name":"https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172","refsource":"MISC","url":"https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"},{"name":"https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38","refsource":"MISC","url":"https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"},{"name":"https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions","refsource":"CONFIRM","url":"https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"}]},"source":{"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T19:42:16.634Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2021-24728","datePublished":"2021-09-13T17:56:44.000Z","dateReserved":"2021-01-14T00:00:00.000Z","dateUpdated":"2024-08-03T19:42:16.634Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}