CVSS: 9.8 • EPSS: 6% • CPEs: 1 • EXPL: 1

17 Mar 2017 — Vulnerability in the WordPress plugin Membership Simplified v1.58: the code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input passed via recordId in the delete function. • http://membership.officeautopilot.com/get-it-now • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 6% • CPEs: 1 • EXPL: 1

17 Mar 2017 — Vulnerability in the WordPress plugin Membership Simplified v1.58: the code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input passed via recordId in the delete_media function. • http://membership.officeautopilot.com/get-it-now • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 40% • CPEs: 1 • EXPL: 3

13 Mar 2017 — Vulnerability in the WordPress plugin membership-simplified-for-oap-members-only v1.58: the file download code located in membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. • https://packetstorm.news/files/id/141677 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-434: Unrestricted Upload of File with Dangerous Type