Ultimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report

Plugin Name: Ultimate Member

Key Information:

  • Software Type: Plugin
  • Software Slug: ultimate-member
  • Software Status: Active
  • Software Author: ultimatemember
  • Software Downloads: 9,722,132
  • Active Installs: 200,000
  • Last Updated: February 23, 2024
  • Patched Versions: 2.8.3
  • Affected Versions: 2.1.3 - 2.8.2

Vulnerability Details:

  • Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 - 2.8.2 - Unauthenticated SQL Injection
  • Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • CVE: CVE-2024-1071
  • CVSS Score: 9.8 (Critical)
  • Publicly Published: February 23, 2024
  • Researcher: Christiaan Swiers
  • Description: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Summary:

The Ultimate Member plugin for WordPress has a critical vulnerability in versions up to and including 2.8.2 that allows unauthenticated SQL injection. This vulnerability has been patched in version 2.8.3.

Detailed Overview:

Researcher Christiaan Swiers disclosed an unauthenticated SQL injection vulnerability in the Ultimate Member plugin affecting versions 2.1.3 through 2.8.2. The issue lies in the 'sorting' parameter which fails to properly sanitize user input before using it in an SQL query. This allows attackers to inject arbitrary SQL and extract sensitive information from the database. Given the widespread use of this plugin, sites running affected versions are at serious risk. Developers have patched the issue in version 2.8.3. All users are strongly advised to update immediately.

Advice for Users:

  1. Immediate Action: Upgrade to version 2.8.3 or higher immediately.
  2. Check for Signs of Compromise: Review logs and databases for unauthorized access or modification.
  3. Alternate Plugins: Consider alternative membership plugins like MemberPress or Members as a precaution.
  4. Stay Updated: Enable automatic updates on all plugins to receive security patches promptly.

Conclusion:

This serious vulnerability allowed attackers access to sensitive user information. The timely patch from developers shows the importance of applying security updates. Users must upgrade and enable auto-updates on all plugins.

References:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ultimate-member

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ultimate-member/ultimate-member-user-profile-registration-login-member-directory-content-restriction-membership-plugin-213-282-unauthenticated-sql-injection

Detailed Report:

Keeping your WordPress website secure should be a top priority - vulnerabilities in outdated plugins and themes put your site and users at risk. Unfortunately, a serious security issue has recently been discovered in a widely used WordPress membership plugin, Ultimate Member, once again demonstrating the importance of promptly applying updates.

Ultimate Member is a popular plugin used by over 200,000 WordPress sites to manage user registration, profiles, login and content restriction. It has over 9 million downloads making it one of the most installed membership plugins available.

Researchers recently disclosed an unauthenticated SQL injection vulnerability affecting Ultimate Member versions 2.1.3 through 2.8.2. This vulnerability allows remote attackers to inject malicious SQL code and extract sensitive information from the database like usernames, emails and passwords. Attackers don’t need to authenticate - meaning anyone could exploit it.

This is an extremely serious vulnerability that put thousands of WordPress sites at risk of data breach. Beyond stealing registered user details, attackers could use it to modify, delete or hold websites ransom causing extended downtime. Researchers have assigned it a critical CVSS severity score of 9.8 out of 10.

Developers acted swiftly by releasing Ultimate Member version 2.8.3 to address the SQL injection vulnerability. All users of this plugin must update immediately to ensure your site and user data remains protected. You should also review logs and databases closely for any signs of unauthorized access.

This is just the latest in a long line of vulnerabilities in Ultimate Member. Since 2015 over 50 security flaws have been reported requiring urgent updates. Some allowed credential theft, others opened doors for persistent XSS attacks. This demonstrates why site owners can’t let security slip - new threats emerge constantly.

As a business owner, you don't have time to constantly monitor for WordPress vulnerabilities like this. At Your WP Guy, we become your outsourced IT team to handle security, updates, maintenance and support. Let us fully audit your site and plugins to assess any impact from this issue. We'll update everything to patched versions so you can rest easy knowing your site is locked down.

Focus on your business goals while we focus on your WordPress site's security. Chat with us anytime during business hours, schedule a call or call 678-995-5169 for a free consultation on securing your online presence.

Ultimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report FAQs

Leave a Comment