8 matches found
WordPress Ultimate Member SQL Injection (CVE-2024-1071)
The Ultimate Member plugin for WordPress up to version 2.8.2 is vulnerable to SQL injection via the 'sorting' parameter. This allows unauthenticated attackers to exploit blind SQL injections and extract sensitive information from the database. Module Options msf use...
Exploit for SQL Injection in Ultimatemember Ultimate_Member
WordPress CVE 2024-1071 SQL Exploit !1713786351923https://...
Exploit for SQL Injection in Ultimatemember Ultimate_Member
CVE-2024-1071 CVE-2024-1071 Ultimate Member Unauthor...
CVE-2024-1071
Summary: CVE-2024-1071 affects WordPress via the Ultimate Member plugin, versions 2.1.3–2.8.2, with a SQL injection in the sorting parameter due to insufficient escaping and unprepared queries. This allows unauthenticated attackers to append or inject SQL to extract data from the database; impact...
Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin
A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and allows for SQL injection via the sorting parameter due to insufficient input...
Exploit for SQL Injection in Ultimatemember Ultimate_Member
CVE-2024-1071 Ultimate Member Unauthorized Database Access...
WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites
A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credite...
WordPress Ultimate Member Plugin 2.1.3-2.8.2 is vulnerable to SQL Injection
Software Ultimate Member Type Plugin Vulnerable versions 2.1.3-2.8.2 Fixed in 2.8.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1071 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d52d7ae096c8 Credits Christiaan Swiers Required privilege...