cleantalk
Vulnerabilities and Security Researches

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction, CVE-2021-24728

CVE, Research URL

CVE-2021-24728

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Published on
Sep 13, 2021
Research Description
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
Affected versions
Min -, max 2.4.2.
Status
vulnerable
Previous vulnerability researches
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-11291) , Dec 19, 2024
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-12919) , Jan 15, 2025
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2025-31088) , Apr 02, 2025
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2021-24728) , Jun 07, 2024
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-32728) , Jun 07, 2024
New vulnerability
WP Statistics , May 27, 2025
Hostinger , May 27, 2025
BackWPup – WordPress Backup Plugin , May 27, 2025
Quick Contact Form (CVE-2025-48245) , May 27, 2025
Affiliate Sales in Google Analytics and other tools (CVE-2024-12561) , May 27, 2025