CVE-2021-24728 - Vulnerability Details - OpenCVE

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cozmoslabs	Membership \& Content Restriction - Paid Member Subscriptions

Configuration 1 [-]

cpe:2.3:a:cozmoslabs:membership_\&_content_restriction_-_paid_member_subscriptions:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions
https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-09-13T17:56:44.000Z

Updated: 2024-08-03T19:42:16.634Z

Reserved: 2021-01-14T00:00:00.000Z

Link: CVE-2021-24728

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-09-13T18:15:19.283

Modified: 2024-11-21T05:53:38.743

Link: CVE-2021-24728

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Membership & Content Restriction \u2013 Paid Member Subscriptions", "vendor": "Unknown", "versions": [{"lessThan": "2.4.2", "status": "affected", "version": "2.4.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Martin Vierula of Trustwave"}], "descriptions": [{"lang": "en", "value": "The Membership & Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-13T17:56:44.000Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"}, {"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"}], "source": {"discovery": "UNKNOWN"}, "title": "Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24728", "STATE": "PUBLIC", "TITLE": "Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Membership & Content Restriction \u2013 Paid Member Subscriptions", "version": {"version_data": [{"version_affected": "<", "version_name": "2.4.2", "version_value": "2.4.2"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Martin Vierula of Trustwave"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Membership & Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172", "refsource": "MISC", "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"}, {"name": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"}, {"name": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions", "refsource": "CONFIRM", "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:42:16.634Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24728", "datePublished": "2021-09-13T17:56:44.000Z", "dateReserved": "2021-01-14T00:00:00.000Z", "dateUpdated": "2024-08-03T19:42:16.634Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cozmoslabs:membership_\\&_content_restriction_-_paid_member_subscriptions:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FA90947C-3108-499F-A4B1-31A70A92B2FB", "versionEndExcluding": "2.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Membership & Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."}, {"lang": "es", "value": "El plugin Membership & Content Restriction - Paid Member Subscriptions de WordPress versiones anteriores a 2.4.2, no saneaba, comprobaba o escapaba de sus par\u00e1metros order y orderby antes de usarlos en una sentencia SQL, conllevando a inyecciones SQL autenticadas en las p\u00e1ginas Members y Payments"}], "id": "CVE-2021-24728", "lastModified": "2024-11-21T05:53:38.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-13T18:15:19.283", "references": [{"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "contact@wpscan.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Secondary"}]}