Rapid7’s 2026 Global Cybersecurity Summit is now available on-demand.Watch sessions.
Rapid7

vulnerability

WordPress Plugin: membership-simplified-for-oap-members-only: CVE-2017-1002010: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Try Surface Command
Back to search
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Mar 17, 2017
Added
May 15, 2025
Modified
Apr 30, 2026

Description

Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.

Solution

membership-simplified-for-oap-members-only-plugin-cve-2017-1002010

References

Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report