Ultimate Member WordPress Plugin Unauthenticated Time-Based SQL Injection Vulnerability

A time-based SQL injection vulnerability has been identified in the Ultimate Member WordPress plugin, specifically in versions through 2.10.0. The vulnerability arises from inadequate escaping of user-supplied data in the 'search' parameter, allowing unauthenticated attackers to inject additional SQL queries. This exploitation could lead to the extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability allows for time-based SQL injection, where an attacker can manipulate SQL queries to extract data from the database. This could include sensitive information such as user details or other private data stored in the database.

Reproduction

The vulnerability can be reproduced by sending a request to a member directory that includes the 'search' parameter. The injected SQL payload can be crafted to exploit the time-based SQL injection vulnerability, such as by using the 'SLEEP' function to create a delay, indicating successful exploitation.

Remediation

Users are advised to update the Ultimate Member WordPress plugin to version 2.10.1 or later, where this vulnerability has been patched.