From thehackernews.com
A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations.
The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw.
In an advisory published last week, WordPress security company Wordfence said the plugin is “vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.”
As a result, unauthenticated attackers could take advantage of the flaw to append additional SQL queries into already existing queries and extract sensitive data from the database.
It’s worth noting that the issue only affects users who have checked the “Enable custom table for usermeta” option in the plugin settings.