CVE-2021-24728 - OpenCVE

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cozmoslabs	Membership \& Content Restriction - Paid Member Subscriptions

Configuration 1 [-]

cpe:2.3:a:cozmoslabs:membership_\&_content_restriction_-_paid_member_subscriptions:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions	Third Party Advisory
https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38	Exploit Third Party Advisory
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2021-09-13T17:56:44

Updated: 2021-09-13T17:56:44

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24728

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-13T18:15:19.283

Modified: 2022-12-20T22:03:01.933

Link: CVE-2021-24728

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "Membership & Content Restriction \u2013 Paid Member Subscriptions", "vendor": "Unknown", "versions": [{"lessThan": "2.4.2", "status": "affected", "version": "2.4.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Martin Vierula of Trustwave"}], "descriptions": [{"lang": "en", "value": "The Membership & Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-13T17:56:44", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"}, {"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"}], "source": {"discovery": "UNKNOWN"}, "title": "Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24728", "STATE": "PUBLIC", "TITLE": "Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Membership & Content Restriction \u2013 Paid Member Subscriptions", "version": {"version_data": [{"version_affected": "<", "version_name": "2.4.2", "version_value": "2.4.2"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Martin Vierula of Trustwave"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Membership & Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172", "refsource": "MISC", "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"}, {"name": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"}, {"name": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions", "refsource": "CONFIRM", "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24728", "datePublished": "2021-09-13T17:56:44", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2021-09-13T17:56:44", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cozmoslabs:membership_\\&_content_restriction_-_paid_member_subscriptions:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FA90947C-3108-499F-A4B1-31A70A92B2FB", "versionEndExcluding": "2.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Membership & Content Restriction \u2013 Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages."}, {"lang": "es", "value": "El plugin Membership & Content Restriction - Paid Member Subscriptions de WordPress versiones anteriores a 2.4.2, no saneaba, comprobaba o escapaba de sus par\u00e1metros order y orderby antes de usarlos en una sentencia SQL, conllevando a inyecciones SQL autenticadas en las p\u00e1ginas Members y Payments"}], "id": "CVE-2021-24728", "lastModified": "2022-12-20T22:03:01.933", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-13T18:15:19.283", "references": [{"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29172"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "contact@wpscan.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Secondary"}]}