Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

membership_simplified

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2017-1002008
Assigner-Larry Cashdollar
ShareView Details
Assigner-Larry Cashdollar
CVSS Score-9.8||CRITICAL
EPSS-39.96% / 97.23%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.

Action-Not Available
Vendor-membership_simplified_projectWilliam DeAngelis
Product-membership_simplifiedmembership-simplified-for-oap-members-only
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2017-1002009
Assigner-Larry Cashdollar
ShareView Details
Assigner-Larry Cashdollar
CVSS Score-9.8||CRITICAL
EPSS-6.01% / 90.34%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.

Action-Not Available
Vendor-ontraportn/a
Product-membership_simplifiedn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-1002010
Assigner-Larry Cashdollar
ShareView Details
Assigner-Larry Cashdollar
CVSS Score-9.8||CRITICAL
EPSS-6.01% / 90.34%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.

Action-Not Available
Vendor-ontraportontraport
Product-membership_simplifiedMembership Simplified
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')