Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

February 26, 2024 at 10:21AM

A critical SQL injection vulnerability in the Ultimate Member WordPress plugin with 200,000 installations allowed unauthenticated attackers to extract sensitive data by appending SQL queries. The flaw, tracked as CVE-2024-1071, was assigned a CVSS score of 9.8. The issue was resolved in the Ultimate Member version 2.8.3 on February 19. Users are advised to update immediately.

Key takeaways from the article:

– A critical SQL injection vulnerability in the Ultimate Member WordPress membership plugin, which has over 200,000 installations, was reported by security vendor Defiant.
– The vulnerability, tracked as CVE-2024-1071 with a CVSS score of 9.8, could be exploited by unauthenticated attackers to extract sensitive data from databases.
– The vulnerability stems from an insecure implementation of the plugin’s user query functionality, which does not adequately protect against SQL injection.
– Attackers can exploit the vulnerability using a time-based blind approach, but the exploit requires the plugin’s “Enable custom table for usermeta” option to be active.
– The vulnerability was resolved in Ultimate Member version 2.8.3, which was released on February 19, after being reported on January 30. A bug bounty of $2,063 was awarded to the reporting researcher.
– Ultimate Member users are advised to update to the patched version as soon as possible.
– Defiant has already blocked one attempt to exploit the vulnerability.
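The takeaways above describe a SQL injection in user query functionality that builds queries against a custom usermeta table. The following is an added illustration, not Ultimate Member's code, of the general defect class and its fix in WordPress terms: a hypothetical meta lookup that interpolates request values into SQL, beside a version that binds values with `$wpdb->prepare()` and allow-lists identifiers. The table name `um_metadata`, the column names and both function names are assumptions for the example.

```php
<?php
// Added example (hypothetical, not the plugin's code). Table and column
// names are assumed; $wpdb is the standard WordPress database object.

// UNSAFE: $meta_key and $order come straight from the request and are
// pasted into the SQL text. A crafted value changes the query's logic,
// and a time-based blind injection needs no visible output to succeed.
function um_example_unsafe_query( $meta_key, $order ) {
    global $wpdb;
    $table = $wpdb->prefix . 'um_metadata'; // assumed custom usermeta table
    $sql = "SELECT user_id FROM {$table} WHERE um_key = '{$meta_key}' "
         . "ORDER BY um_value {$order}";
    return $wpdb->get_col( $sql );
}

// HARDENED: values go through placeholders, identifiers through an allow-list.
function um_example_safe_query( $meta_key, $order ) {
    global $wpdb;
    $table = $wpdb->prefix . 'um_metadata';

    // Sort direction is an identifier, not a value, so it cannot be bound
    // with a placeholder; restrict it to the two legal tokens instead.
    $order = strtoupper( (string) $order );
    if ( ! in_array( $order, array( 'ASC', 'DESC' ), true ) ) {
        $order = 'ASC';
    }

    // The meta key is a value: bind it with %s so MySQL sees it as data only.
    // prepare() adds the quoting itself, so the placeholder is written unquoted.
    $sql = $wpdb->prepare(
        "SELECT user_id FROM {$table} WHERE um_key = %s ORDER BY um_value {$order}",
        $meta_key
    );
    return $wpdb->get_col( $sql );
}

// Code-review heuristic for plugin audits: any SQL string that embeds
// $_GET, $_POST or $_REQUEST values, or a prepare() call with no
// placeholders, deserves the same scrutiny as the unsafe function above.
```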

