SQL Injection Vulnerability in Ultimate Member Plugin for WordPress
CVE-2024-12276

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Vendor: CVE Published:; 21 February 2025

Summary

The Ultimate Member plugin for WordPress is susceptible to second-order SQL injection due to improper escaping of user-supplied parameters. This vulnerability allows authenticated users, who have the ability to upload files and manage filenames via a third-party file manager, to inject additional SQL queries into existing ones. Consequently, this could lead to the unauthorized extraction of sensitive database information. However, exploiting this vulnerability requires specific conditions that limit its overall risk.

Affected Version(s)

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin * <= 2.9.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3242743/ulti...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 21, 2025
Vulnerability Reserved
Dec 5, 2024

Credit

Kevin Wydler