#UltimateMemberPlugin

Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks

by

March 11, 2024 at 11:15AM High-severity vulnerability in Ultimate Member plugin (CVE-2024-2123) enables injection of malicious scripts into WordPress sites. Insufficient input sanitization and output escaping in the plugin’s members directory list functionality allow unauthenticated attackers to inject web scripts and potentially gain administrative user access. Patch released on March 6, impacting versions 2.8.3 and … Read more

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

by

February 26, 2024 at 10:21AM A critical SQL injection vulnerability in the Ultimate Member WordPress plugin with 200,000 installations allowed unauthenticated attackers to extract sensitive data by appending SQL queries. The flaw, tracked as CVE-2024-1071, was assigned a CVSS score of 9.8. The issue was resolved in the Ultimate Member version 2.8.3 on February 19. … Read more