{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/ultimate-member/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*"],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-15290"},{"cvss":7.5,"id":"CVE-2025-0308"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin \u003c= 2.10.1"],"_cs_severities":["high"],"_cs_tags":["wordpress","plugin","sql-injection","web-vulnerability"],"_cs_type":"advisory","_cs_vendors":["Ultimate Member","WordPress"],"content_html":"\u003cp\u003eCVE-2026-15290 details a critical blind SQL Injection vulnerability affecting the Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction \u0026amp; Membership Plugin for WordPress, impacting all versions up to and including 2.10.1. The vulnerability originates from insufficient escaping of user-supplied input in the \u003ccode\u003esearch\u003c/code\u003e parameter and inadequate preparation of existing SQL queries. This flaw enables unauthenticated attackers to append malicious SQL queries to legitimate ones, facilitating the extraction of sensitive information from the underlying database. A partial patch for this specific issue was introduced in version 2.9.2, which initially aimed to address CVE-2025-0308. Successful exploitation poses a significant risk of data breaches and unauthorized access to a WordPress site's sensitive data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker crafts a malicious HTTP GET or POST request targeting a WordPress site running the Ultimate Member plugin.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes SQL injection payloads within the \u003ccode\u003esearch\u003c/code\u003e parameter (e.g., \u003ccode\u003e?search=test%27%20AND%20SLEEP(5)--%20\u003c/code\u003e or \u003ccode\u003e?search=admin%27%20OR%201=1--%20\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eDue to inadequate input sanitization and lack of parameterized queries within the plugin's code, the malicious input from the \u003ccode\u003esearch\u003c/code\u003e parameter is directly incorporated into a backend SQL query.\u003c/li\u003e\n\u003cli\u003eThe injected blind SQL query executes on the database server, causing a differential response, such as a time delay for time-based attacks or a distinct content change for boolean-based attacks.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the web server's response (e.g., HTTP response time, page content) to infer the result of the injected SQL condition.\u003c/li\u003e\n\u003cli\u003eThe attacker iteratively sends numerous such requests, modifying the payload in the \u003ccode\u003esearch\u003c/code\u003e parameter to extract sensitive data, character by character, or by evaluating true/false conditions.\u003c/li\u003e\n\u003cli\u003eSensitive information, such as user credentials, API keys, or private configuration data, is systematically exfiltrated from the WordPress database.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-15290 allows unauthenticated attackers to extract sensitive data from the WordPress database. This could lead to a compromise of user accounts, administrative credentials, and other confidential information stored within the system. The stolen data could then be used for further attacks, identity theft, or sold on illicit markets, leading to severe financial, reputational, and operational damage for affected organizations. The vulnerability's high CVSS v3.1 score of 7.5 reflects the significant risk posed by unauthorized data disclosure without any prior authentication required.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update the Ultimate Member plugin for WordPress to a version patched against CVE-2026-15290 (versions higher than 2.10.1).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Blind SQL Injection Attempts in Ultimate Member Plugin\u003c/code\u003e to your SIEM to identify and alert on potential exploitation attempts via the \u003ccode\u003esearch\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eEnsure detailed web server access logs are enabled and collected for your WordPress instances, specifically capturing full HTTP request URLs and query parameters.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-10T05:20:51Z","date_published":"2026-07-10T05:20:51Z","id":"https://feed.craftedsignal.io/briefs/2026-07-ultimate-member-sqli/","summary":"The Ultimate Member plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to and including 2.10.1, due to insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries, allowing unauthenticated attackers to append additional SQL queries and extract sensitive information from the database.","title":"CVE-2026-15290: Ultimate Member Plugin Blind SQL Injection","url":"https://feed.craftedsignal.io/briefs/2026-07-ultimate-member-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed - Ultimate Member","version":"https://jsonfeed.org/version/1.1"}