VYPR

Membership Simplified

by WordPress

CVEs (3)

  • CVE-2017-1002008CriSep 14, 2017
    risk 0.68cvss 9.8epss 0.17

    Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.

  • CVE-2017-1002010CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.

  • CVE-2017-1002009CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.