CVE-2017-1002008

CRITICAL

membership-simplified-for-oap-members-only < 1.58 - Unauthenticated Arbitrary File Upload via download.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-1002008. PoCs published by The Martian.

AI-analyzed exploit summary This exploit leverages a path traversal vulnerability in the WordPress plugin 'Membership Simplified' to arbitrarily download sensitive files like wp-config.php or /etc/passwd. It checks for plugin existence and writes the retrieved file to a local file.

Description

Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.

Exploits (1)

exploitdb WORKING POC

by The Martian · pythonwebappsphp

https://www.exploit-db.com/exploits/41622

View Code ZIP pw:eip

This exploit leverages a path traversal vulnerability in the WordPress plugin 'Membership Simplified' to arbitrarily download sensitive files like wp-config.php or /etc/passwd. It checks for plugin existence and writes the retrieved file to a local file.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin Membership Simplified v1.58

No auth needed

Prerequisites: Target must have the vulnerable plugin installed · Plugin must be accessible at the default path

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Not Applicable x_refsource_misc

https://wordpress.org/plugins/membership-simplified-for-oap-members-only

Exploit, Third Party Advisory x_refsource_misc

http://www.vapidlabs.com/advisory.php?v=187

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41622/

Third Party Advisory x_refsource_misc

https://wpvulndb.com/vulnerabilities/8777

Scores

CVSS v3 9.8

EPSS 0.1693

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

membership_simplified_project/membership_simplified 1.58

William DeAngelis/membership-simplified-for-oap-members-only unspecified - 1.58

Published Sep 14, 2017

Tracked Since Feb 18, 2026