Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin

Mar 8, 2024 | Digital Marketing, Research, Vulnerabilities, WordPress Security

The article discusses a recently discovered unauthenticated stored Cross-Site Scripting (XSS) vulnerability in the Ultimate Member WordPress plugin, which has over 200,000 active installations. The vulnerability was identified by a researcher named stealthcopter during the Bug Bounty Extravaganza hosted by Wordfence on February 28th, 2024. The researcher responsibly reported the issue, earning a bounty of $563.00 through the Wordfence Bug Bounty Program.

Wordfence, aiming to Secure the Web, continues to invest in vulnerability research and collaboration with researchers. All Wordfence Premium, Wordfence Care, and Wordfence Response customers, as well as users of the free Wordfence plugin, are already protected against exploits targeting this vulnerability by the Wordfence firewall’s Cross-Site Scripting protection.

The vulnerability details were disclosed to the Ultimate Member Team on March 2, 2024, and a patch was released promptly on March 6, 2024. Users are strongly advised to update their sites to the latest patched version of Ultimate Member, which is version 2.8.4, as soon as possible.

The technical analysis of the vulnerability reveals that the plugin’s members list functionality can be exploited to inject arbitrary web scripts. The user display name is displayed unescaped in the plugin template files, providing an opportunity for attackers to insert malicious scripts. The lack of escape functions in certain plugin functions further exacerbates the vulnerability.
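The unescaped-output pattern described above, next to its escaped form, as an added example that is not code from Ultimate Member or from the original article. The function names and the sample records are hypothetical, and the `esc_html()`/`esc_attr()` shims only approximate the WordPress core helpers so the file runs outside WordPress:

```php
<?php
// Added illustration; not Ultimate Member's code. Function names are hypothetical.

// Outside WordPress, approximate the core escaping helpers so this runs stand-alone.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Pattern described above: the stored display name goes into the markup as-is.
function render_member_card_unescaped(array $member): string {
    return '<div class="member" title="' . $member['display_name'] . '">'
         . '<span class="name">' . $member['display_name'] . '</span></div>';
}

// Hardened: escape at output, with the helper that matches each context.
function render_member_card_escaped(array $member): string {
    return '<div class="member" title="' . esc_attr($member['display_name']) . '">'
         . '<span class="name">' . esc_html($member['display_name']) . '</span></div>';
}

// Constructed sample records: one ordinary name, one carrying markup.
$members = [
    ['display_name' => 'Alice Example'],
    ['display_name' => 'Bob"><script>/* constructed marker */</script>'],
];

foreach ($members as $member) {
    $unsafe = render_member_card_unescaped($member);
    $safe   = render_member_card_escaped($member);
    // A name is rendered safely only if no raw tag from it survives into the HTML.
    printf("%-14s raw <script> in unescaped: %s, in escaped: %s\n",
        substr($member['display_name'], 0, 13),
        var_export(stripos($unsafe, '<script') !== false, true),
        var_export(stripos($safe, '<script') !== false, true));
    echo $safe, "\n";
}
```

The same check, searching rendered template output for markup that originated in a user-controlled field, is a quick way to audit other templates that print profile data.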

The timeline of the vulnerability disclosure is outlined, starting from the initial submission on February 28, 2024, to the release of the patched version on March 6, 2024. The article concludes by emphasizing the importance of updating to the latest version of the Ultimate Member plugin to mitigate the risk posed by the vulnerability. Additionally, all Wordfence users are assured protection against this vulnerability.

In summary, the article underscores the significance of proactive security measures, prompt vulnerability disclosure, and timely patching to safeguard websites from potential threats. It serves as a reminder for WordPress users to prioritize security by keeping their plugins updated and leveraging security solutions like Wordfence.
