Published: 14/09/2017 Updated: 11/12/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Membership Simplified Project

Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
membership simplified project membership simplified 1.58

import requests import string import random from urlparse import urlparse print "---------------------------------------------------------------------" print "Wordpress Plugin Membership Simplified v158 - Arbitrary File Download\nDiscovery: Larry W Cashdollar\nExploit Author: Munir Njiru\nWebsite: wwwalien-withincom\nCVE-2017-1002008\n ...

WordPress Membership Simplified plugin version 158 suffers from an arbitrary file download vulnerability ...

WordPress Membership Simplified plugin version 158 arbitrary file download exploit ...

CWE-434 https://wordpress.org/plugins/membership-simplified-for-oap-members-only http://www.vapidlabs.com/advisory.php?v=187 https://www.exploit-db.com/exploits/41622/https://wpvulndb.com/vulnerabilities/8777 https://nvd.nist.gov https://www.exploit-db.com/exploits/41622/

CVE-2017-1002008

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect