WordPress Ultimate Member Plugin Security Update Advisory (CVE-2024-1071)
Overview
An update is available that fixes a vulnerability in the WordPress Ultimate Member plugin. Users of affected versions are advised to update to the latest version.
Affected Products
WordPress Ultimate Member plugin versions 2.1.3 through 2.8.2 (inclusive)
Resolved Vulnerabilities
Unauthenticated SQL Injection vulnerability in WordPress Ultimate Member (CVE-2024-1071)
Vulnerability Patches
A patch for the vulnerability was made available in the February 23, 2024 update. Update to the latest patched version, as described on the referenced sites:
WordPress Ultimate Member plugin version 2.8.3
Referenced Sites
[1] Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 – 2.8.2 – Unauthenticated SQL Injection
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ultimate-member/ultimate-member-user-profile-registration-login-member-directory-content-restriction-membership-plugin-213-282-unauthenticated-sql-injection
[2] Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
https://wordpress.org/plugins/ultimate-member/