CVE-2021-24728 – Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection

https://notcve.org/view.php?id=CVE-2021-24728

06 Aug 2021 — The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. El plugin Membership & Content Restriction - Paid Member Subscriptions de WordPress versiones anteriores a 2.4.2, no saneaba, comprobaba o escapaba de sus parámetros order y orderby antes de usarlos en una sentencia SQL, conllevando... • https://plugins.trac.wordpress.org/changeset/2566399/paid-member-subscriptions • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •