High severity8.8NVD Advisory· Published Sep 13, 2021· Updated Jun 17, 2026
CVE-2021-24728
CVE-2021-24728
Description
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Membership & Content Restriction – Paid Member Subscriptionsdescription
- Range: <2.4.2
Patches
Vulnerability mechanics
References
3- wpscan.com/vulnerability/2277d335-1c90-4fa8-b0bf-25873c039c38nvdExploitThird Party Advisory
- www.trustwave.com/en-us/resources/security-resources/security-advisories/nvdExploitThird Party Advisory
- plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptionsnvdThird Party Advisory
News mentions
0No linked articles in our index yet.