InfoSecBulletin Cybersecurity for mankind
A critical security vulnerability has been revealed in the widely used WordPress plugin called Ultimate Member, which is installed on over 200,000 websites.
The vulnerability CVE-2024-1071 has a high CVSS score of 9.8 out of 10. It was discovered and reported by security researcher Christiaan Swiers.
Check Point said BreachForum post old data
Apple Warns of 3 Zero Day Vulns Actively Exploited
24,000 unique IP attempted to access Palo Alto GlobalProtect portals
CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
WordPress security company Wordfence recently published an advisory stating that the plugin is vulnerable to SQL Injection when using the ‘sorting’ parameter in versions 2.1.3 to 2.8.2. This vulnerability is due to insufficient escaping on the user supplied parameter and lack of proper preparation on the SQL query.
Attackers without authentication can take advantage of this problem to add extra SQL queries to existing ones and access important data from the database.
The issue only affects users who have enabled the “Enable custom table for usermeta” option in the plugin settings.
A fix for the flaw was released by the plugin developers on February 19, after a responsible disclosure on January 30, 2024.
