CVE-2025-1702
Published: 05 March 2025
Description
Adversaries may leverage databases to mine valuable information.
Security Summary
CVE-2025-1702 is a time-based SQL injection vulnerability in the Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress. It affects all versions up to and including 2.10.0 and stems from insufficient escaping of the user-supplied 'search' parameter combined with inadequate preparation of the existing SQL query in the plugin's core member directory functionality.
Unauthenticated attackers can exploit this vulnerability remotely with low complexity and no privileges required. By appending malicious SQL queries via the 'search' parameter, they can extract sensitive information from the database, such as user credentials or other confidential data, through time-based blind SQL injection techniques.
Mitigate by updating the plugin to a patched release later than 2.10.0. The references point to the fixes in the plugin's codebase: a specific commit in pull request 1654 on GitHub (74647d42cc8d63f5d4f687efcd0792c246c23039), modifications to lines 1775 and 1863 of includes/core/class-member-directory.php visible in the WordPress plugin trac, and changeset 3249862, which applies the corrections. Security practitioners should check the plugin's developer page on WordPress.org for the latest stable release incorporating these changes.
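The root cause named in the summary, a search term pasted into the SQL text instead of being escaped and bound as a parameter, is shown below beside its hardened form. This is an added example, not the plugin's code: it uses Python and an in-memory SQLite database as stand-ins for the WordPress stack, and the table, column and function names and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
ROWS = [("alice", "Alice Smith"), ("obrien", "Pat O'Brien"), ("promo", "100% Real")]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (user_login TEXT, display_name TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?)", ROWS)
    return db


def search_concatenated(db, search):
    """Vulnerable pattern: the search term becomes part of the SQL text."""
    sql = ("SELECT user_login FROM members "
           "WHERE display_name LIKE '%" + search + "%' ORDER BY user_login")
    return [row[0] for row in db.execute(sql)]


def escape_like(term, esc="\\"):
    """Make LIKE metacharacters literal so the term cannot act as a pattern."""
    for ch in (esc, "%", "_"):  # escape the escape character first
        term = term.replace(ch, esc + ch)
    return term


def search_bound(db, search):
    """Hardened pattern: fixed SQL text, term passed as a bound parameter."""
    sql = ("SELECT user_login FROM members "
           "WHERE display_name LIKE ? ESCAPE '\\' ORDER BY user_login")
    pattern = "%" + escape_like(search) + "%"
    return [row[0] for row in db.execute(sql, (pattern,))]


def input_reaches_parser(db, search):
    """True when the term itself makes the concatenated query fail to parse."""
    try:
        search_concatenated(db, search)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(input_reaches_parser(db, "O'Brien"))  # a benign apostrophe breaks the query
    print(search_bound(db, "O'Brien"))          # the bound query treats it as data
```

A harmless apostrophe is enough to show that the concatenated query hands user input to the SQL parser, which is the condition the patch removes.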
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remote unauthenticated SQL injection in a public-facing WordPress plugin that directly enables exploitation of the web application (T1190) and facilitates extraction of sensitive data including credentials from the backend database (T1213.006).