Vulnerability Details CVE-2017-1002008
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.4
EPSS Ranking 97.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.vapidlabs.com/advisory.php?v=187
- https://wordpress.org/plugins/membership-simplified-for-oap-members-only
- https://wpvulndb.com/vulnerabilities/8777
- https://www.exploit-db.com/exploits/41622/
- http://www.vapidlabs.com/advisory.php?v=187
- https://wordpress.org/plugins/membership-simplified-for-oap-members-only
- https://wpvulndb.com/vulnerabilities/8777
- https://www.exploit-db.com/exploits/41622/
Products affected by CVE-2017-1002008
-
cpe:2.3:a:membership_simplified_project:membership_simplified:1.58