A critical unauthenticated SQL Injection vulnerability, identified as CVE-2024-1071, has been discovered in versions 2.1.3 to 2.8.2 of the Ultimate Member WordPress plugin. This vulnerability affects over 200,000 active installations and allows attackers to inject malicious SQL commands through the ‘sorting’ parameter. Successful exploitation could lead to the extraction of sensitive information, including password hashes, from the database.
What do you think?
It is nice to know your opinion. Leave a comment.