SQL Injection Vulnerability in Ultimate Member Plugin for WordPress
CVE-2024-1071

9.8CRITICAL

Key Information:

Vendor
Wordpress
Status
Ultimate Member โ€“ User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Vendor
CVE Published:
13 March 2024

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐Ÿ“ฐ News Worthy

Summary

The Ultimate Member plugin for WordPress is susceptible to SQL Injection through the 'sorting' parameter, present in versions 2.1.3 to 2.8.2. This vulnerability arises from inadequate escaping of the user-supplied parameter and poor preparation of the SQL query. As a result, unauthenticated attackers can inject malicious SQL queries into existing ones, potentially leading to the unauthorized extraction of sensitive data from the database. It is crucial for website administrators using this plugin to address this vulnerability promptly to mitigate potential risks.

Affected Version(s)

Ultimate Member โ€“ User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 <= 2.8.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-1071-SQL-Injection
Created by fa-rrel

News Articles

favicon imageCybersafe Solutions

Cybersafe Solutions Security Advisory Bulletin March 1, 2024

Security Updates for Progress Kempโ€™s LoadMaster, WordPress Plugin โ€˜Ulimate Member,โ€™ Joomla, Google Chrome, and Mozilla Products

10 months ago

favicon imageIndusface

Ultimate Member WordPress Plugin (CVE-2024-1071) | Indusface Blog

Learn about the critical CVE-2024-1071 vulnerability in Ultimate Member WordPress Plugin, posing a threat to over 200K sites. Protect your website today.

11 months ago

favicon imageIndusface

Ultimate Member WordPress Plugin (CVE-2024-1071) | Indusface Blog

Learn about the critical CVE-2024-1071 vulnerability in Ultimate Member WordPress Plugin, posing a threat to over 200K sites. Protect your website today.

11 months ago

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/ultimate-membe...
https://plugins.trac.wordpress.org/browser/ultimate-membe...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • ๐Ÿ“ฐ

    First article discovered by securityonline.info

  • Vulnerability Reserved

Credit

Christiaan Swiers
.