CVE-2017-1002010

2017-09-1413:00:00

larry_cashdollar

www.cve.org

vulnerability

membership simplified

sql injection

user input

recordid

wordpress

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

53.4%

JSON

Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn’t sanitize user input via recordId in the delete_media function.

CNA Affected

[
  {
    "product": "Membership Simplified",
    "vendor": "ontraport",
    "versions": [
      {
        "lessThan": "1.58",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

membership.officeautopilot.com/get-it-now/

www.vapidlabs.com/advisory.php?v=188