PT-2021-16231 · WordPress · Membership & Content Restriction – Paid Member Subscriptions

Martin Vierula · Published 2021-09-13 · Updated 2022-12-21

CVE-2021-24728
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Membership & Content Restriction – Paid Member Subscriptions WordPress plugin versions prior to 2.4.2

Description: The issue concerns the Membership & Content Restriction – Paid Member Subscriptions WordPress plugin, where the order and orderby parameters are not properly sanitised, validated, or escaped before being used in SQL statements. This leads to authenticated SQL injections, specifically affecting the Members and Payments pages.

Recommendations: For versions prior to 2.4.2, update to version 2.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Members and Payments pages until the update is applied.
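To illustrate the defect class named in the description (request-controlled order and orderby values reaching an ORDER BY clause), here is an added example written for this page, not code from the Paid Member Subscriptions plugin or its fix. The table name, column names and function names are assumptions; the point is that ORDER BY identifiers cannot be parameterised with $wpdb->prepare() placeholders and must instead be checked against a fixed allowlist.

```php
<?php
// Added illustrative example, not code from the Paid Member Subscriptions plugin.
// Table and column names (example_members, id, user_id, ...) are assumptions.

// Weak pattern: the sort parameters from the request are interpolated into the
// SQL string unchanged. prepare() placeholders only cover values, not column
// names or the ASC/DESC keyword, so they cannot close this by themselves.
function weak_members_query( $wpdb, array $request ) {
    $orderby = $request['orderby'] ?? 'id';
    $order   = $request['order'] ?? 'ASC';
    return "SELECT * FROM {$wpdb->prefix}example_members ORDER BY {$orderby} {$order}";
}

// Hardened pattern: the column name must be one of a fixed set of known
// columns and the direction must be exactly ASC or DESC; anything else falls
// back to a safe default rather than being placed in the statement.
function sanitize_orderby( $value, array $allowed_columns, $default ) {
    $value = is_string( $value ) ? $value : '';
    return in_array( $value, $allowed_columns, true ) ? $value : $default;
}

function sanitize_order( $value ) {
    return ( is_string( $value ) && strtoupper( $value ) === 'DESC' ) ? 'DESC' : 'ASC';
}

function safe_members_query( $wpdb, array $request ) {
    $allowed_columns = array( 'id', 'user_id', 'status', 'start_date', 'expiration_date' );
    $orderby = sanitize_orderby( $request['orderby'] ?? '', $allowed_columns, 'id' );
    $order   = sanitize_order( $request['order'] ?? '' );
    $table   = $wpdb->prefix . 'example_members';

    // Identifiers now come only from constants defined in this file; the one
    // user-supplied value (status) still goes through a prepare() placeholder.
    return $wpdb->prepare(
        "SELECT * FROM {$table} WHERE status = %s ORDER BY {$orderby} {$order}",
        $request['status'] ?? 'active'
    );
}
```

The same allowlist check applies to the Payments page or any other list table that accepts sort parameters; a single helper shared by all of them is easier to audit than per-page string handling.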

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2021-24728

Affected Products: Membership & Content Restriction – Paid Member Subscriptions