Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-wq6m-fwgx-fx9f

Опубликовано: 24 мая 2022
Источник: github
Github: Не прошло ревью
CVSS3: 8.8

Описание

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.

Ссылки

EPSS

Процентиль: 81%
0.01593
Низкий

8.8 High

CVSS3

CVE ID

CVE-2021-24728

Дефекты

CWE-79
CWE-89

Связанные уязвимости

nvd логотип

CVE-2021-24728

CVSS3: 8.8
nvd
больше 4 лет назад

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.

EPSS

Процентиль: 81%
0.01593
Низкий

8.8 High

CVSS3

CVE ID

CVE-2021-24728

Дефекты

CWE-79
CWE-89