Vulnerability Description
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Membership Simplified Project | Membership Simplified | 1.58 |
Related Weaknesses (CWE)
References
- http://www.vapidlabs.com/advisory.php?v=187ExploitThird Party Advisory
- https://wordpress.org/plugins/membership-simplified-for-oap-members-onlyNot Applicable
- https://wpvulndb.com/vulnerabilities/8777Third Party Advisory
- https://www.exploit-db.com/exploits/41622/ExploitThird Party AdvisoryVDB Entry
- http://www.vapidlabs.com/advisory.php?v=187ExploitThird Party Advisory
- https://wordpress.org/plugins/membership-simplified-for-oap-members-onlyNot Applicable
- https://wpvulndb.com/vulnerabilities/8777Third Party Advisory
- https://www.exploit-db.com/exploits/41622/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-1002008?
CVE-2017-1002008 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user...
How severe is CVE-2017-1002008?
CVE-2017-1002008 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-1002008?
Check the references section above for vendor advisories and patch information. Affected products include: Membership Simplified Project Membership Simplified.