CVE-2017-1002010

Name of the Vulnerable Software and Affected Versions Membership Simplified version 1.58

Description The issue concerns a blind SQL injection vulnerability in the Membership Simplified plugin for WordPress. Specifically, the code in the updateDB.php file is vulnerable because it fails to sanitize user input via the recordId variable in the delete media function.

Recommendations For Membership Simplified version 1.58, consider disabling the delete media function in the updateDB.php file until a patch is available to prevent potential exploitation. Restrict access to the updateDB.php file to minimize the risk of blind SQL injection attacks. Avoid using the recordId variable in the affected function until the issue is resolved.