| The WPCOM Member plugin for WordPress is vulnerable to SQL Injection in versions up to and including 1.7.6. The vulnerability exists in the `user_phone` parameter, which lacks proper input sanitization and SQL query preparation. This allows unauthenticated attackers to inject additional SQL queries to extract sensitive information from the database. |