Recently, a critical security flaw was unearthed in Ultimate Member, a popular WordPress plugin boasting over 200,000 active installations. Tracked as CVE-2024-1071, this vulnerability scored a whopping 9.8 out of 10 on the CVSS scale. The discovery, credited to researcher Christiaan Swiers, brought to light an unauthenticated SQL Injection vulnerability lurking within versions 2.1.3 to 2.8.2 of the plugin.
Discovery and Resolution
Prompt action ensued after the submission of the vulnerability on January 30, 2024, during a Bug Bounty Program Extravaganza. Christiaan Swiers received a well-deserved bounty of $2,063.00 for his discovery. Wordfence, the WordPress security company, swiftly issued firewall rules to safeguard premium users against potential exploits. Ultimate Member’s development team responded promptly, releasing a patch on February 19, 2024, with version 2.8.3, effectively plugging the security hole.
Technical Analysis
The vulnerability stemmed from insufficient escaping on the ‘sorting’ parameter, enabling attackers to inject additional SQL queries into existing ones, potentially compromising sensitive data. While the impact primarily affected users who had enabled the “Enable custom table for usermeta” option, all users were advised to update to the patched version to mitigate risks.
Protection and Disclosure Timeline
Wordfence Premium, Care, and Response users were shielded immediately upon discovery, with free users set to receive protection shortly after. A meticulous disclosure timeline ensured transparent communication between researchers and plugin developers, culminating in a comprehensive fix.
In conclusion, the Ultimate Member plugin vulnerability underscores the importance of diligent security practices in the WordPress ecosystem. With the timely collaboration of security researchers, plugin developers, and vigilant users, potential threats can be identified, addressed, and mitigated effectively. Furthermore, as a proactive measure to enhance site security, it is strongly recommended to enable auto-updates for WordPress plugins, ensuring that critical patches and security fixes are promptly applied without manual intervention.