CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 9CVE-2024-1071 – Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 - 2.8.2 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2024-1071
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. El complemento Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin para WordPress es vulnerable a la inyección SQL a través del parámetro 'clasificación' en las versiones 2.1.3 a 2.8.2 debido a un escape insuficiente en el usuario proporcionado parámetro y falta de preparación suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer información confidencial de la base de datos. • https://github.com/gbrsh/CVE-2024-1071 https://github.com/Matrexdz/CVE-2024-1071 https://github.com/Matrexdz/CVE-2024-1071-Docker https://github.com/Trackflaw/CVE-2024-1071-Docker https://github.com/Nadjibbtabani/CVE-2024-1071 https://github.com/Nadjibbtabani/CVE-2024-1071-Docker https://github.com/fa-rrel/CVE-2024-1071-SQL-Injection https://github.com/Dogu589/WordPress-Exploit-CVE-2024-1071 https://github.com/Spid3heX/CVE-2024-1071-PoC-Script https://plugins.trac.wordpress • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 8CVE-2023-3460 – Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-3460
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild. The Ultimate Member plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.6. This is due to the plugin using a predefined list of user meta keys that are banned which can be bypassed via a few method like adding slashes to the user meta key. This makes it possible for unauthenticated attackers to register on a site as an administrator. • https://github.com/gbrsh/CVE-2023-3460 https://github.com/diego-tella/CVE-2023-3460 https://github.com/julienbrs/exploit-CVE-2023-3460 https://github.com/Rajneeshkarya/CVE-2023-3460 https://github.com/yon3zu/Mass-CVE-2023-3460 https://github.com/EmadYaY/CVE-2023-3460 https://github.com/rizqimaulanaa/CVE-2023-3460 https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin https://wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7 • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31216 – WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-31216
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions. The Ultimate Member plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.0. This is due to missing or incorrect nonce validation on the duplicate_form function. This makes it possible for unauthenticated attackers to duplicate forms created with the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/ultimate-member/wordpress-ultimate-member-plugin-2-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4061 – JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2022-4061
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. El complemento JobBoardWP de WordPress anterior a 1.2.2 no valida correctamente los nombres y tipos de archivos en sus funcionalidades de carga de archivos, lo que permite a usuarios no autenticados cargar archivos arbitrarios como PHP. The JobBoardWP plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. • https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3966 – Ultimate Member Plugin Template class-shortcodes.php load_template pathname traversal
https://notcve.org/view.php?id=CVE-2022-3966
A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. • https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4 https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.1 https://vuldb.com/?id.213545 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •