CVE-2020-37244

HIGH

WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37244. PoCs published by Erik David Martin.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in WordPress Plugin Supsystic Membership 1.4.7 via the 'search' and 'sidx' GET parameters. It includes payloads for time-based blind and UNION-based SQL injection, leveraging sqlmap for exploitation.

Description

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract sensitive database information using time-based blind or UNION-based SQL injection techniques.

Exploits (1)

exploitdb WORKING POC

by Erik David Martin · textwebappsphp

https://www.exploit-db.com/exploits/49540

View Code ZIP pw:eip

The exploit demonstrates a SQL injection vulnerability in WordPress Plugin Supsystic Membership 1.4.7 via the 'search' and 'sidx' GET parameters. It includes payloads for time-based blind and UNION-based SQL injection, leveraging sqlmap for exploitation.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: WordPress Plugin Supsystic Membership 1.4.7

Auth required

Prerequisites: WordPress admin access · sqlmap tool

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed May 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-49540

https://www.exploit-db.com/exploits/49540

Product product

Official Product Homepage

https://supsystic.com/

Product product

Product Reference

https://downloads.wordpress.org/plugin/membership-by-supsystic.1.4.7.zip

Third Party Advisory third-party-advisory

VulnCheck Advisory: WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx

https://www.vulncheck.com/advisories/wordpress-plugin-supsystic-membership-sql-injection-via-sidx

Scores

CVSS v3 8.2

EPSS 0.0028

EPSS Percentile 19.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

Supsystic/Membership 1.4.7

Published May 16, 2026

Tracked Since May 16, 2026