CRITICAL🇵🇱 Wersja polska

CVE-2024-1071

CVSS 9.8v3.1pub. 2024-03-13upd. 2025-03-05

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

🤖 AI Analysis
How it works

The vulnerability results from insufficient escaping of user-supplied data in the 'sorting' parameter and lack of proper preparation of the existing SQL query. An attacker without any authentication can inject additional SQL fragments into existing queries (SQL Injection technique). The vulnerability is located in the 'class-member-directory-meta.php' file, which is responsible for handling the user directory.

Impact

An unauthenticated attacker can extract any sensitive information from the WordPress database, including user data, passwords (hashes), session tokens, and other confidential information stored in the database. Depending on server configuration, further compromise of system integrity and availability is also possible.

Mitigation & patch

The Ultimate Member plugin should be updated to a version higher than 2.8.2, which includes the fix (changeset 3038036). The patch is available in the official WordPress repository. If immediate update is not possible, consider temporarily disabling the plugin until the patch is deployed.

Who is affected

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress in versions from 2.1.3 to 2.8.2 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ultimatemember Ultimate Member

    APP
    Ultimatemember
    2.1.3 – 2.8.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLiAuth Bypass
CWE
References

Related vulnerabilities

CVE-2023-3460CRITICAL9.8ten sam produkt

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with a...

CVE-2020-36156CRITICAL9.9ten sam produkt

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege...

CVE-2020-36157CRITICAL10.0ten sam produkt

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privile...

CVE-2020-36155CRITICAL10.0ten sam produkt

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privile...

CVE-2025-0308HIGH7.5ten sam produkt

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Pl...