Critical SQLi flaw (CVE-2024-1071) in WordPress Ultimate Member plugin affects over 200K sites. Exploit allows unauthenticated attackers to inject malicious SQL queries. Only users who enabled “Enable custom table for usermeta” option are affected. Plugin developers released version 2.8.3 on February 19 to fix the flaw. Wordfence has blocked one exploit attempt in the last 24 hours, so users should update promptly.
You Might Be Interested In
- [CVSS 10] Alert: Active Exploit of Unpatched Cisco Vulnerability
- [CVSS 8+] Exploits in Qualcomm and Arm Chips
- AnyDesk Confirms Software Safety Post-Cyber Attack
- U.S. Internet Corp Exposed Internal and Customer Emails
- Meta to Start Tagging AI-Created Content from May
- Stolen Credentials Expose Okta Customer Data