CVE-2024-12276

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12276
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with access to upload files and manage filenames through a third-party plugin like a File Manager, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The risk of this vulnerability is very minimal as it requires a user to be able to manipulate filenames in order to successfully exploit.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://plugins.trac.wordpress.org/changeset/3242743/ultimate-member/tags/2.10.0/includes/core/class-uploader.php Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/846f9828-2f1f-4d08-abfb-909b8d634d8a?source=cve Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*
History

25 Feb 2025, 03:34

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/changeset/3242743/ultimate-member/tags/2.10.0/includes/core/class-uploader.php - () https://plugins.trac.wordpress.org/changeset/3242743/ultimate-member/tags/2.10.0/includes/core/class-uploader.php - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/846f9828-2f1f-4d08-abfb-909b8d634d8a?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/846f9828-2f1f-4d08-abfb-909b8d634d8a?source=cve - Third Party Advisory
Summary
  • (es) El complemento Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin para WordPress es vulnerable a la inyección SQL de segundo orden a través de nombres de archivo en todas las versiones hasta la 2.9.2 incluida, debido a un escape insuficiente en el parámetro proporcionado por el usuario y a la falta de preparación suficiente en la consulta SQL existente. Esto hace posible que los atacantes autenticados, con acceso para cargar archivos y administrar nombres de archivos a través de un complemento de terceros como un administrador de archivos, agreguen consultas SQL adicionales a las consultas ya existentes que se pueden usar para extraer información confidencial de la base de datos. El riesgo de esta vulnerabilidad es mínimo, ya que requiere que un usuario pueda manipular los nombres de archivo para explotarla con éxito.
First Time Ultimatemember
Ultimatemember ultimate Member
CPE cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*

21 Feb 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-21 10:15

Updated : 2025-02-25 03:34

NVD link : CVE-2024-12276

Mitre link : CVE-2024-12276

CVE.ORG link : CVE-2024-12276

JSON object : View

Products Affected

ultimatemember

  • ultimate_member
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')