Monthly Archive: September 2021

CVE-2021-24728

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL...

CVE-2021-24726

The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated...

CVE-2021-24725

The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its ‘Delete comments easily’, which could allow attackers to make logged in admin delete arbitrary comments...