CVE-2017-1002010

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Membership Simplified
Vendor: CVE Published:; 14 September 2017

Summary

Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.

Affected Version(s)

Membership Simplified < 1.58

References

http://www.vapidlabs.com/advisory.php?v=188

x_refsource_MISC

http://membership.officeautopilot.com/get-it-now/

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 14, 2017