CVSS: 9.8EPSS: 40%CPEs: 1EXPL: 3CVE-2017-1002008 – Membership Simplified <= 1.58 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2017-1002008
13 Mar 2017 — Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. Existe una vulnerabilidad en el plugin membership-simplified-for-oap-members-only v1.58 de WordPress. El código de descarga de archivos en membership-simplified-for-oap-members-only/download.php no verifica si un usuario ha iniciado sesión y si tiene privilegios de des... • https://packetstorm.news/files/id/141677 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •