CVE-2017-1002025

Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
larry_cashdollarCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
add-edit-delete-listing-for-member-module_projectadd-edit-delete-listing-for-member-module
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.vapidlabs.com/advisory.php?v=196
https://wordpress.org/plugins/add-edit-delete-listing-for-member-module/
http://www.vapidlabs.com/advisory.php?v=196
https://wordpress.org/plugins/add-edit-delete-listing-for-member-module/