WPEverest User Registration & Membership
cpe:2.3:a:wpeverest:user_registration_&_membership:*:*:*:*:wordpress:*:*
- <= 4.3.0
A SQL injection vulnerability has been identified in the User Registration & Membership plugin for WordPress, affecting all versions up to and including 4.3.0. The flaw stems from inadequate escaping of the user-supplied 's' (search) parameter before it is used in a SQL query, which lets an authenticated attacker with administrator-level access alter the query. Exploitation can expose sensitive information stored in the database.
Exploitation gives the attacker control over part of the query text rather than only its values, so additional SQL can be appended to the existing statement. The impact described for this issue is extraction of data the query was never meant to return. Two caveats matter when rating it. First, WordPress's $wpdb sends one statement per call, so stacked queries that would modify data are generally not available and the realistic impact is read access (UNION-based or blind extraction). Second, because an administrator account is required, on a single-site install the attacker already holds a role that can typically install plugins and run arbitrary PHP; the issue is most meaningful where administrator credentials are shared or compromised, and on multisite networks, where a site administrator cannot install plugins but could use the injection to read tables belonging to other sites.
To reproduce, sign in as a user with the administrator role, open the plugin screen in wp-admin that is rendered by the MembersListTable class (the members/users list), and submit a search so that the request carries the 's' parameter. Because the value is not adequately escaped, a search term containing a single quote terminates the intended string literal and the remainder of the term is parsed as SQL; a database error or an unexpectedly changed result set on such a probe confirms the unescaped path, after which additional clauses can be appended to the existing query to extract data.
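The pattern the advisory describes, as an added example written for this page and not taken from the plugin's source: a WP_List_Table-style search handler that interpolates the 's' parameter straight into the query, next to the hardened form that binds the term with $wpdb->esc_like() and $wpdb->prepare(). The function names, the choice of the wp_users table, the orderby allow-list and the sample probe string are assumptions made for illustration; the plugin's real MembersListTable code and the way 4.4.0 was patched are not reproduced here.

```php
<?php
/**
 * Illustrative only: NOT the plugin's code. Shows the bug class from the
 * advisory (an unescaped 's' search parameter reaching SQL) beside a
 * hardened handler. Assumes it runs inside WordPress (global $wpdb).
 *
 * Constructed probe (assumption, not a payload from the advisory):
 *   x' OR '1'='1
 * Against the vulnerable handler the quote closes the LIKE literal and the
 * remainder is parsed as SQL, so every row comes back.
 */

/**
 * VULNERABLE pattern (hypothetical): the search term is dropped into the
 * query string. Neither esc_like() nor prepare() is applied, so quotes,
 * % and _ are all interpreted by MySQL.
 */
function ur_members_search_vulnerable( string $search, int $per_page = 20, int $offset = 0 ): array {
    global $wpdb;

    $where = '';
    if ( '' !== $search ) {
        // BUG: raw interpolation of attacker-controlled text into SQL.
        $where = "WHERE user_login LIKE '%{$search}%' OR user_email LIKE '%{$search}%'";
    }

    // BUG: LIMIT/OFFSET are interpolated too; ints here, but fragile.
    $sql = "SELECT ID, user_login, user_email FROM {$wpdb->users} {$where} ORDER BY ID DESC LIMIT {$per_page} OFFSET {$offset}";

    return (array) $wpdb->get_results( $sql );
}

/**
 * HARDENED pattern: the term is escaped for LIKE and bound as %s, numeric
 * parts are bound as %d, and identifier/keyword positions (which cannot be
 * bound as values) come from a fixed allow-list. The orderby/order handling
 * goes beyond the advisory's 's' parameter; it is the usual companion
 * vector in list tables and follows the same fix shape.
 */
function ur_members_search_hardened( string $search, int $per_page = 20, int $offset = 0, string $orderby = 'ID', string $order = 'DESC' ): array {
    global $wpdb;

    $allowed_orderby = array( 'ID', 'user_login', 'user_email', 'user_registered' );
    $orderby = in_array( $orderby, $allowed_orderby, true ) ? $orderby : 'ID';
    $order   = ( 'ASC' === strtoupper( $order ) ) ? 'ASC' : 'DESC';

    $args  = array();
    $where = '';
    if ( '' !== $search ) {
        // esc_like() neutralises % and _ so the user cannot widen the match;
        // the wildcards are ours, and the whole value is bound via %s, so
        // quotes are escaped by prepare() rather than interpreted.
        $like   = '%' . $wpdb->esc_like( $search ) . '%';
        $where  = 'WHERE user_login LIKE %s OR user_email LIKE %s';
        $args[] = $like;
        $args[] = $like;
    }
    $args[] = max( 1, $per_page );
    $args[] = max( 0, $offset );

    // $orderby/$order are interpolated but only ever hold allow-listed values.
    $sql = $wpdb->prepare(
        "SELECT ID, user_login, user_email FROM {$wpdb->users} {$where} ORDER BY {$orderby} {$order} LIMIT %d OFFSET %d",
        $args
    );

    return (array) $wpdb->get_results( $sql );
}

/**
 * How a list table would feed the handler: read 's' the WordPress way
 * (unslash, then sanitize) and gate the screen on capability. A nonce
 * check (check_admin_referer) belongs here as well; it is omitted only
 * because the nonce action name is plugin-specific.
 */
function ur_members_list_prepare_items_example(): array {
    if ( ! current_user_can( 'manage_options' ) ) {
        return array();
    }
    $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['s'] ) ) : '';
    return ur_members_search_hardened( $search );
}
```

Note that sanitize_text_field() is not a SQL defence: it leaves single quotes intact, so the vulnerable handler is exploitable even with it applied. The fix is the binding in prepare(); sanitization only tidies the value.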
Update the User Registration & Membership plugin to version 4.4.0 or later, where this issue is patched. Confirm the installed version on the Plugins screen or with WP-CLI (wp plugin list). Because exploitation needs an administrator account, also review the list of administrator users and any available access logs for requests to the members list screen whose 's' parameter contains SQL metacharacters such as quotes or comment sequences.