CVE-2025-1475

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...

EUVD-2025-7400

Malicious code in bioql PyPI...

PT-2025-11248

Name of the Vulnerable Software and Affected Versions: WPCOM Member plugin for WordPress versions up to, and including, 1.7.6 Description: The issue is related to time-based SQL Injection via the user phone parameter due to insufficient escaping on the user-supplied parameter and lack of sufficie...

CVE-2025-1475

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...

CVE-2025-1475 WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone'

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...

CVE-2020-18020

SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "userphone" parameter of a crafted HTTP request to the "admin.php" component...

PHPSHE Mall System SQL注入漏洞

PHPSHE is a set of online shopping mall system of China Lingbao Jane Hao Network Technology PHPSHE Company. The system supports express tracking, online chat, order evaluation and statistics and other functions. A security vulnerability exists in PHPSHE Mall System v1.7 that allows remote attacke...