Ultimate Member Widgets for Elementor Missing Capability Check Vulnerability Allowing Unauthenticated Data Exposure

Vulnerability

A vulnerability exists in the Ultimate Member Widgets for Elementor - WordPress User Directory plugin, in all versions through 2.3. The issue arises from a missing capability check in the handle_filter_users function, which allows unauthenticated attackers to access partial metadata of all WordPress users. This metadata includes first names, last names, and email addresses.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive user information, including first names, last names, and email addresses of all WordPress users.

Reproduction

The vulnerability can be reproduced by sending an AJAX request to the 'wp_ajax_nopriv_um_filter_users' action without the necessary authorization. This request can be made from the front end of a WordPress site, as it does not require user authentication. The 'widget_id' parameter must be included to specify which Elementor widget is being targeted. Once the request is sent, the response will include the exposed user metadata.

Remediation

Users are advised to update the Ultimate Member Widgets for Elementor - WordPress User Directory plugin to version 2.4 or later.
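As an added illustration of the bug class described above (not the plugin's own code), the following shows a WordPress AJAX handler that returns user data without a capability check, followed by a hardened form of the same handler. All function, action and script names here are hypothetical; the patched plugin's actual changes are not reproduced on this page.

```php
<?php
// Added illustration, not the plugin's code. Shows the missing-capability-check
// pattern in a WordPress AJAX handler and a hardened version of it.

// Vulnerable pattern: the action is registered for unauthenticated callers via
// wp_ajax_nopriv_, and the callback returns user records without checking
// who is asking or whether the request came from the site's own front end.
add_action( 'wp_ajax_nopriv_example_filter_users', 'example_filter_users_unchecked' );
add_action( 'wp_ajax_example_filter_users', 'example_filter_users_unchecked' );

function example_filter_users_unchecked() {
    $users = get_users( array( 'fields' => array( 'ID', 'user_email', 'display_name' ) ) );
    wp_send_json_success( $users ); // email addresses go to anyone who asks
}

// Hardened pattern: no nopriv registration, a nonce tied to this action,
// a capability check, and a response limited to non-sensitive fields.
add_action( 'wp_ajax_example_filter_users_secure', 'example_filter_users_secure' );

function example_filter_users_secure() {
    // Rejects requests that do not carry a nonce issued for this action.
    check_ajax_referer( 'example_filter_users', 'nonce' );

    // 'list_users' is the core capability for viewing the user list.
    if ( ! current_user_can( 'list_users' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $widget_id = isset( $_POST['widget_id'] ) ? sanitize_text_field( wp_unslash( $_POST['widget_id'] ) ) : '';
    if ( '' === $widget_id ) {
        wp_send_json_error( array( 'message' => 'Missing widget_id' ), 400 );
    }

    // Return only display names; email addresses never leave the server here.
    $users = get_users( array( 'fields' => array( 'ID', 'display_name' ) ) );
    wp_send_json_success( array( 'widget_id' => $widget_id, 'users' => $users ) );
}

// Hands the front-end script the nonce the hardened handler expects.
function example_enqueue_filter_script() {
    wp_enqueue_script( 'example-filter', plugins_url( 'filter.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-filter', 'exampleFilter', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_filter_users' ),
    ) );
}
add_action( 'wp_enqueue_scripts', 'example_enqueue_filter_script' );
```

Site owners can check whether a plugin's AJAX callbacks follow the hardened pattern by grepping its source for `wp_ajax_nopriv_` registrations and confirming each callback calls `check_ajax_referer` and `current_user_can` before reading user data.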

Added: Nov 20, 2025, 3:48 PM
Updated: Nov 20, 2025, 3:48 PM

Vulnerability Rating

Custom Algorithm (score per category, 0-10)
spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 7.7
relevance: 1.1
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.