CVE-2017-1002008

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to download any file from WordPress sites running the vulnerable 'Membership Simplified for OAP Members Only' plugin. Attackers can bypass authentication entirely and access protected files without any credentials. All WordPress installations using version 1.58 of this plugin are affected.

💻 Affected Systems

Products:
  • Membership Simplified for OAP Members Only WordPress Plugin
Versions: Version 1.58
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with this specific plugin version enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers download sensitive files containing user data, credentials, configuration secrets, or proprietary content, leading to a complete data breach and potential follow-on attacks.

🟠 Likely Case

Unauthorized access to protected content, member-only files, or sensitive documents that should require authentication.

🟢 If Mitigated

No impact if proper authentication checks are implemented or the plugin is disabled/removed.

🌐 Internet-Facing: HIGH - The vulnerable download.php file is directly accessible via web requests without authentication.
🏢 Internal Only: MEDIUM - Internal users could still exploit this if they have network access to the WordPress instance.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP GET requests to download.php with file parameters can bypass authentication. Exploit code is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.59 or later

Vendor Advisory: https://wordpress.org/plugins/membership-simplified-for-oap-members-only

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find 'Membership Simplified for OAP Members Only'.
4. Click 'Update Now' if available.
5. If no update is available, deactivate and delete the plugin.

🔧 Temporary Workarounds

Disable vulnerable plugin (applies to: all platforms)

Deactivate the plugin to prevent exploitation while waiting for the patch.

Block access to download.php (applies to: Linux web servers)

Use the web server configuration to block direct access to the vulnerable file:

# For Apache: put this .htaccess in the plugin's own directory so only its download.php is blocked
# (2.2 syntax; on 2.4 without mod_access_compat use "Require all denied" instead)
<Files "download.php">
    Order Allow,Deny
    Deny from all
</Files>
# For Nginx: add to the server block ("return 403" answers in the rewrite phase; "deny all" is a fallback)
location ~* /wp-content/plugins/membership-simplified-for-oap-members-only/download\.php$ {
    deny all;
    return 403;
}

🧯 If You Can't Patch

  • Immediately deactivate and remove the plugin from all WordPress installations
  • Implement web application firewall rules to block requests to download.php with file parameters

🔍 How to Verify

Check if Vulnerable:

Check if /wp-content/plugins/membership-simplified-for-oap-members-only/download.php exists and is accessible without authentication. Try accessing it directly via browser or curl.

Check Version:

# Plugin options stored in the database (shows that the plugin is present, not a reliable version number)
SELECT * FROM wp_options WHERE option_name LIKE '%membership-simplified%';
# The installed version is read from the plugin file header; with WP-CLI:
wp plugin get membership-simplified-for-oap-members-only --field=version

Verify Fix Applied:

After update, verify plugin version is 1.59+ in WordPress admin panel and test that download.php now requires authentication.

📡 Detection & Monitoring

Log Indicators:

  • HTTP 200 responses to /wp-content/plugins/membership-simplified-for-oap-members-only/download.php without preceding authentication logs
  • Unusual file download patterns from the plugin directory

Network Indicators:

  • GET requests to download.php with file= parameters from unauthenticated sources
  • Traffic spikes to the plugin's download endpoint

SIEM Query:

source="web_server" AND uri="/wp-content/plugins/membership-simplified-for-oap-members-only/download.php" AND NOT (user_agent="WordPress/*" OR referer="*wp-admin*")
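As an added example (not part of this advisory or of the plugin), the log indicators above as a small detector over access-log lines: it flags requests to the plugin's download.php that carry a file= parameter and counts successfully served downloads per source. The URI is the one named above; the combined-format log lines and client IPs are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines in the Apache/Nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2017:12:00:01 +0000] "GET /wp-content/plugins/membership-simplified-for-oap-members-only/download.php?file=members/report.pdf HTTP/1.1" 200 48213 "-" "curl/7.52.1"
203.0.113.7 - - [10/May/2017:12:00:02 +0000] "GET /wp-content/plugins/membership-simplified-for-oap-members-only/download.php?file=members/list.csv HTTP/1.1" 200 3101 "-" "curl/7.52.1"
198.51.100.4 - - [10/May/2017:12:01:10 +0000] "GET /wp-content/plugins/membership-simplified-for-oap-members-only/download.php?file=members/report.pdf HTTP/1.1" 403 221 "https://example.test/wp-admin/" "Mozilla/5.0"
198.51.100.9 - - [10/May/2017:12:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

VULN_PATH = "/wp-content/plugins/membership-simplified-for-oap-members-only/download.php"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    """Split one combined-format line into fields; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["query"] = parse_qs(url.query)
    rec["status"] = int(rec["status"])
    return rec

def find_download_hits(log_text):
    """One finding per request to the vulnerable endpoint that carried a file= parameter."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != VULN_PATH or "file" not in rec["query"]:
            continue
        hits.append({
            "ip": rec["ip"],
            "file": rec["query"]["file"][0],
            "status": rec["status"],
            "served": rec["status"] == 200,  # 200: file actually served; 403: web-server block worked
        })
    return hits

def served_per_source(hits):
    """Successfully served downloads per client IP; repeated 200s from one source are the strongest signal."""
    return dict(Counter(h["ip"] for h in hits if h["served"]))
```

Run it against the real access log instead of SAMPLE_LOG; a 403 in the findings confirms the .htaccess or Nginx block above is taking effect, while a 200 is a download that needs follow-up.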
