CVE-2014-100003

Name of the Vulnerable Software and Affected Versions Code Futures YourMembers plugin for WordPress (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the ym download id parameter in the /includes/ym-download functions.include.php file.

Recommendations For the Code Futures YourMembers plugin, consider restricting access to the ym download id parameter in the affected API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.