Code Futures · YourMembers · CVE-2014-100003
**Name of the Vulnerable Software and Affected Versions**
Code Futures YourMembers plugin for WordPress (affected versions not specified)
**Description**
A SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands via the `ym_download_id` parameter, which is handled in the `/includes/ym-download_functions.include.php` file.
**Recommendations**
For the Code Futures YourMembers plugin, consider restricting access to the `ym_download_id` parameter in the affected API endpoint until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
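
One way to express that restriction as an allow rule and check web-server access logs against it, as an added example that is not part of the original advisory or the plugin's code. It assumes legitimate `ym_download_id` values are short decimal integers and that logs use the combined format; the log lines, addresses and paths are constructed. Values sent in POST bodies do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs

PARAM = "ym_download_id"
# Assumption: a legitimate download id is a short decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request line of a combined-format log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def id_values(target):
    """Return every decoded ym_download_id value in a request target."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    values = []
    for key, vals in params.items():
        # PHP rewrites spaces and dots in parameter names to underscores,
        # so compare against the name as PHP would see it.
        name = re.sub(r"[ .]", "_", key)
        if name == PARAM:
            values += vals
        elif name.startswith(PARAM + "["):
            values.append(key)  # array syntax is never a plain integer
    return values

def is_allowed(target):
    """Allow the request unless it carries a non-integer or repeated id."""
    values = id_values(target)
    if not values:
        return True  # parameter absent: not covered by this rule
    return len(values) == 1 and VALID_ID.fullmatch(values[0]) is not None

def suspicious_lines(log_lines):
    """Return (client, target) for log entries the rule would reject."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if match and not is_allowed(match.group(1)):
            hits.append((line.split(" ", 1)[0], match.group(1)))
    return hits

# Constructed sample entries (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2014:10:00:00 +0000] "GET /?ym_download_id=42 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2014:10:00:05 +0000] "GET /?ym_download_id=42%27 HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2014:10:00:06 +0000] "GET /?ym_download_id=1&ym_download_id=abc HTTP/1.1" 200 0',
    '203.0.113.5 - - [01/Jan/2014:10:00:09 +0000] "GET /about/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, target in suspicious_lines(SAMPLE_LOG):
        print(client, target)
```

The same `is_allowed` rule can be ported to a reverse proxy or web application firewall to reject such requests before they reach the plugin.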