cleantalk
Vulnerabilities and Security Researches

Simple Membership, 17527cfb2d42b5bacb8d579c3d6814f8a6188bfb

CVE, Research URL

17527cfb2d42b5bacb8d579c3d6814f8a6188bfb

Home page URL

Security reports for Simple Membership

Application

Simple Membership

Published on
Apr 05, 2021
Research Description
Simple Membership [simple-membership] < 4.0.4 Simple Membership <= 4.0.3 - Authenticated (Admin+) SQL Injections The Simple Membership plugin for WordPress is vulnerable to time-based SQL Injection via the 's' and 'status' parameters in versions up to, and including, 4.0.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated Admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 4.0.4.
Status
vulnerable
Previous vulnerability researches
Simple Membership WP user Import (CVE-2023-0254) , Jun 07, 2024
Simple Membership WP user Import (CVE-2026-24986) , Feb 27, 2026
Simple Membership Custom Messages (CVE-2025-24660) , Feb 01, 2025
Simple Membership After Login Redirection (CVE-2024-47354) , Oct 03, 2024
Simple Membership (CVE-2024-11088) , Nov 23, 2024
New vulnerability
BetterDocs – Best Documentation, FAQ &amp; Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026
Advanced Import : One Click Import for WordPress or Theme Demo Data (CVE-2026-4328) , Jun 19, 2026
Falang multilanguage for WordPress (CVE-2026-54805) , Jun 19, 2026
SMS Alert Order Notifications &#8211; WooCommerce (CVE-2026-54803) , Jun 19, 2026
SMS Alert Order Notifications &#8211; WooCommerce (CVE-2026-54802) , Jun 19, 2026