Lucene search
K

8 matches found

Metasploit
Metasploit
added 2024/10/30 6:56 p.m.440 views

WordPress Ultimate Member SQL Injection (CVE-2024-1071)

The Ultimate Member plugin for WordPress up to version 2.8.2 is vulnerable to SQL injection via the 'sorting' parameter. This allows unauthenticated attackers to exploit blind SQL injections and extract sensitive information from the database. Module Options msf use...

9.8CVSS9.8AI score0.89431EPSS
Exploits8
GithubExploit
GithubExploit
added 2024/09/15 11:28 a.m.539 views

Exploit for SQL Injection in Ultimatemember Ultimate_Member

WordPress CVE 2024-1071 SQL Exploit !1713786351923https://...

9.8CVSS9.5AI score0.89431EPSS
Exploits8
GithubExploit
GithubExploit
added 2024/03/18 4:58 p.m.497 views

Exploit for SQL Injection in Ultimatemember Ultimate_Member

CVE-2024-1071 CVE-2024-1071 Ultimate Member Unauthor...

9.8CVSS9.6AI score0.89431EPSS
Exploits8
CVE
CVE
added 2024/03/13 3:26 p.m.242 views

CVE-2024-1071

Summary: CVE-2024-1071 affects WordPress via the Ultimate Member plugin, versions 2.1.3–2.8.2, with a SQL injection in the sorting parameter due to insufficient escaping and unprepared queries. This allows unauthenticated attackers to append or inject SQL to extract data from the database; impact...

9.8CVSS9.6AI score0.89431EPSS
Exploits8References6Affected Software1
Imperva Blog
Imperva Blog
added 2024/02/28 5:0 p.m.49 views

Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin

A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and allows for SQL injection via the sorting parameter due to insufficient input...

7.5CVSS8.8AI score0.89431EPSS
Exploits8
GithubExploit
GithubExploit
added 2024/02/27 11:41 a.m.659 views

Exploit for SQL Injection in Ultimatemember Ultimate_Member

CVE-2024-1071 Ultimate Member Unauthorized Database Access...

9.8CVSS9.6AI score0.89431EPSS
Exploits8
The Hacker News
The Hacker News
added 2024/02/27 5:43 a.m.103 views

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites

A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credite...

9.8CVSS7.9AI score0.89431EPSS
Exploits20
Patchstack
Patchstack
added 2024/02/23 12:0 a.m.37 views

WordPress Ultimate Member Plugin 2.1.3-2.8.2 is vulnerable to SQL Injection

Software Ultimate Member Type Plugin Vulnerable versions 2.1.3-2.8.2 Fixed in 2.8.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1071 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d52d7ae096c8 Credits Christiaan Swiers Required privilege...

9.8CVSS6.9AI score0.89431EPSS
Exploits8References3Affected Software1
Rows per page
Query Builder