WordPress Plugin Vulnerabilities

Add Edit Delete Listing For Member Module <= 1.0 - SQL Injection

Description

The add-edit-delete-listing-for-member-module WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
add-edit-delete-listing-for-member-module
No known fix

References

CVE
CVE-2017-1002025
URL
http://www.vapidlabs.com/advisory.php?v=196

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.2 (high)

Miscellaneous

Verified
No
WPVDB ID
7948d1f7-ee05-459a-ba50-e10d3b656649

Timeline

Publicly Published
2017-07-05 (about 8 years ago)
Added
2019-08-21 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-08-20
Title
Listeo-Core < 2.0.7 - Authenticated (Subscriber+) SQL Injection
Published
2021-05-19
Title
FlightLog <= 3.0.2 - Authenticated (editor+) SQL Injection
Published
2023-06-15
Title
Contact Form by WD <= 1.13.23 - Admin+ SQLi
Published
2023-02-06
Title
My Sticky Elements < 2.0.9 - Admin+ SQLi
Published
2025-09-09
Title
Duplicate Page and Post <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter