WordPress Plugin Vulnerabilities

Membership by Supsystic <= 1.5.0 - Authenticated SQL Injection

Description

The GET parameter "sidx" and "search are used in a SQL statement without being sanitised when searching for badges in the dashboard, leading to authenticated SQL Injection issues.

v1.4.8 attempted a fix, which was found to not be sufficient

Proof of Concept

Affects Plugins

Plugin icon
membership-by-supsystic
No known fix

References

Exploitdb
49540

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.0 (critical)

Miscellaneous

Original Researcher
Erik David Martin
Verified
Yes
WPVDB ID
9c847b3e-f628-4fec-8c57-dec301362acd

Timeline

Publicly Published
2021-02-08 (about 5 years ago)
Added
2021-02-08 (about 5 years ago)
Last Updated
2021-02-09 (about 5 years ago)

Other

Published
Title
Published
2025-10-14
Title
WP jQuery Pager <= 1.4.0 - Authenticated (Contributor+) SQL Injection via Shortcode
Published
2026-02-17
Title
Business Directory Plugin < 6.4.22 - Unauthenticated SQL Injection via payment Parameter
Published
2022-04-12
Title
Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi
Published
2024-10-31
Title
Download-Mirror-Counter <= 1.1 - Authenticated (Contributor+) SQL Injection
Published
2023-07-10
Title
RSVPMarker < 10.5.5 - Admin+ SQL Injection (SQLi)