CVE-2025-0308
Published: 18 January 2025
Description
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Security Summary
CVE-2025-0308 is a time-based SQL injection vulnerability in the Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress. It affects all versions up to and including 2.9.1 and stems from insufficient escaping of the user-supplied search parameter combined with inadequate preparation of the existing SQL query in the plugin's member directory functionality.
Unauthenticated attackers can exploit this vulnerability remotely with low complexity, requiring no privileges or user interaction. By appending malicious SQL queries to existing ones via the search parameter, they can extract sensitive information from the database. The CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) reflects high confidentiality impact with no integrity or availability disruption.
Advisories and source details are available in referenced resources, including the Wordfence threat intelligence page at https://www.wordfence.com/threat-intel/vulnerabilities/id/e3e5bb98-2652-499a-b8cd-4ebfe1c1d890?source=cve and the vulnerable code in class-member-directory.php at line 1877 (https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.9.1/includes/core/class-member-directory.php#L1877).
Details
- CWE(s)