WordPress Ultimate Member Plugin: Unauthorized Database Access / SQL Injection

A severe security flaw, designated as CVE-2024-1071 and receiving a CVSS severity score of 9.8 out of 10, has been uncovered in the widely used Ultimate Member plugin for WordPress. This plugin, integral to over 200,000 WordPress sites globally for managing user registration, profiles, login, and content restriction, has accumulated over 9 million downloads, highlighting the significant reach and potential impact of this vulnerability.

Our analysis at Secragon reveals that the root cause lies in the insecure handling of the plugin's user query functionality, specifically through the 'sorting' parameter. Because this parameter is neither sufficiently sanitized nor passed through a prepared SQL query, remote unauthenticated attackers can manipulate it to inject SQL commands. The consequences extend beyond unauthorized access to registered user data, including usernames, emails, and passwords: further exploitation could lead to complete website compromise, allowing attackers to modify, delete, or even ransom websites, causing extended downtime, significant operational disruption, loss of revenue, and reputational damage.
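The bug class described above, as an added illustration that is not Ultimate Member's own code: a hypothetical `um_example_query_vulnerable` / `um_example_query_hardened` pair showing why a user-supplied sort parameter must be mapped through an allowlist, since an ORDER BY column name cannot be bound with `$wpdb->prepare()` placeholders the way a value can.

```php
<?php
// Added example (not the plugin's code): a hypothetical user-listing query
// that accepts a "sorting" request parameter, in both insecure and hardened form.

// Hypothetical allowlist mapping public sort keys to fixed column expressions.
const UM_EXAMPLE_SORT_ALLOWLIST = [
    'display_name' => 'u.display_name',
    'registered'   => 'u.user_registered',
    'user_login'   => 'u.user_login',
];

// Insecure pattern: the request value is spliced straight into ORDER BY.
// %s / %d placeholders only cover values, not identifiers, so wrapping the
// rest of the statement in $wpdb->prepare() would not protect this part.
function um_example_query_vulnerable(wpdb $wpdb, string $sorting, string $direction): string {
    return "SELECT u.ID FROM {$wpdb->users} u ORDER BY {$sorting} {$direction}";
}

// Hardened pattern: the untrusted value only chooses an allowlist entry, and
// unknown keys fall back to a fixed default. Direction is limited to two
// literals, and the numeric LIMIT (a true value) goes through prepare().
function um_example_query_hardened(wpdb $wpdb, string $sorting, string $direction, int $limit): string {
    if (!isset(UM_EXAMPLE_SORT_ALLOWLIST[$sorting])) {
        // Rejected values are worth logging: they are a cheap detection signal
        // for probing of this parameter.
        error_log('um_example: rejected sorting value ' . $sorting);
    }
    $column = UM_EXAMPLE_SORT_ALLOWLIST[$sorting] ?? UM_EXAMPLE_SORT_ALLOWLIST['registered'];
    $dir    = strtoupper($direction) === 'ASC' ? 'ASC' : 'DESC';

    return $wpdb->prepare(
        "SELECT u.ID FROM {$wpdb->users} u ORDER BY {$column} {$dir} LIMIT %d",
        $limit
    );
}
```

The same allowlist approach applies to any other identifier position (table names, column lists, GROUP BY), where `$wpdb->prepare()` placeholders are likewise unavailable.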

Our team at Secragon has developed an exploit demonstrating the ease of exploiting this vulnerability, and we’ve published the Proof of Concept (PoC) on our GitHub page. Strictly for educational and research purposes! Please use responsibly.

To mitigate the risk posed by CVE-2024-1071, we strongly recommend:

  • Update the Ultimate Member plugin to version 2.8.3 to mitigate the vulnerability.
  • Review your WordPress site to ensure no unauthorized access or changes have occurred.
  • Monitor your website for any unusual activity or unauthorized access attempts.
  • Educate your website administrators and users on safe browsing practices and security measures.

The discovery of CVE-2024-1071 underscores the critical need for comprehensive security measures and the importance of proactive vulnerability management. To further enhance your website’s security posture and protect against sophisticated cyber threats, consider leveraging Secragon’s offensive security services. Our team of experts specializes in identifying vulnerabilities, assessing potential threats, and implementing cutting-edge security solutions tailored to your specific needs.

Because…

Every Bit, Every Byte, WHERE VULNERABILITIES EXIST, ATTACKS HAPPEN!

Act Today, Secure Tomorrow!

© 2024 Secragon LLC All Rights Reserved
