Description
SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by TranDinhTien · textwebappsphp
https://www.exploit-db.com/exploits/34968
References (2)
Core 2
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/34968
Exploit x_refsource_misc
http://packetstormsecurity.com/files/128668/YourMembers-Blind-SQL-Injection.html
Scores
EPSS
0.0153
EPSS Percentile
81.5%
Details
CWE
CWE-89
Status
published
Products (1)
yourmembers_project/yourmembers
Published
Jan 13, 2015
Tracked Since
Feb 18, 2026