CVE-2017-1002008

2017-09-1413:00:00

larry_cashdollar

www.cve.org

AI Score

9.5

Confidence

High

EPSS

0.054

Percentile

93.2%

JSON

Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.

CNA Affected

[
  {
    "product": "membership-simplified-for-oap-members-only",
    "vendor": "William DeAngelis",
    "versions": [
      {
        "lessThan": "1.58",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]