WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites

2024-02-27 05:43

A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw. In an advisory published last week, WordPress

News URL

https://thehackernews.com/2024/02/wordpress-plugin-alert-critical-sqli.html

#critical #vulnerability #wordpress #CVE-2024-1071

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-03-13	CVE-2024-1071	The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		49	36	408	104	29	577
Plugin		2	0	13	0	0	13

News URL

Related news

Related Vulnerability

Related vendor