
A critical vulnerability in the Ultimate Member WordPress plugin allows authenticated attackers to compromise user accounts by exposing password reset links, potentially affecting up to 200,000 websites.
The flaw, rated 8.8 out of 10 for severity, enables individuals with contributor-level access or higher to obtain password reset URLs for any user, including site administrators, according to cybersecurity researchers at Wordfence.
Wordfence, a WordPress security company, reported that the vulnerability stems from a series of three chained logic issues within the plugin.
These issues allow an attacker to trick the plugin into treating arbitrary posts as member directories, bypass restrictions on metadata fields, and exploit a lack of validation for field names when processing user card data, Wordfence stated.
The combination of these flaws creates a path for attackers to retrieve sensitive password reset links, thereby facilitating full account takeover.
The affected versions include Ultimate Member plugin versions up to 2.11.4.
Shutterstock, a major stock photography and content provider, was among the organizations identified as potentially using the vulnerable plugin, according to Wordfence.
Users of the Ultimate Member plugin are advised to update their installations immediately to version 2.12.0 or higher to patch the vulnerability.
The update addresses the logic flaws that permit the exposure of password reset links and mitigates the risk of account takeovers.
Cybersecurity experts routinely recommend that website administrators keep all plugins and themes updated to their latest versions to protect against known vulnerabilities.
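As an added example (not code from Wordfence, the plugin, or the article), the following script audits a WordPress install for the affected version range: it parses the `Version:` header of the plugin's main file and flags anything below the fixed release 2.12.0. The plugin file path `wp-content/plugins/ultimate-member/ultimate-member.php` and the header sample are assumptions constructed for the example.

```python
import re
import sys
from pathlib import Path
from typing import Optional, Tuple

# First release the article reports as fixed; anything below it is affected.
FIXED_VERSION = (2, 12, 0)

# Assumed location of the plugin's main file inside a WordPress site root.
PLUGIN_FILE = Path("wp-content/plugins/ultimate-member/ultimate-member.php")

# Constructed sample of a WordPress plugin header (not the real plugin file).
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: Ultimate Member
 * Version: 2.11.4
 */
"""

def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return the 'Version:' header of a WordPress plugin file as an int tuple."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", text, re.MULTILINE)
    if not m:
        return None
    # Keep only the numeric dotted prefix; a suffix such as '-beta1' is dropped.
    numeric = re.match(r"[0-9]+(?:\.[0-9]+)*", m.group(1)).group(0)
    return tuple(int(p) for p in numeric.split("."))

def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """True when the installed version predates the fixed release."""
    padded = version + (0,) * (3 - len(version))  # (2, 12) compares as (2, 12, 0)
    return padded < FIXED_VERSION

def audit_header(text: str) -> str:
    """Classify a plugin header as 'vulnerable', 'patched' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "patched"

def audit_site(site_root: str) -> str:
    """Audit one WordPress site root; 'absent' means the plugin is not installed."""
    plugin = Path(site_root) / PLUGIN_FILE
    if not plugin.is_file():
        return "absent"
    return audit_header(plugin.read_text(encoding="utf-8", errors="replace"))

if __name__ == "__main__":
    # Usage: python audit_um.py /var/www/site1 /var/www/site2 ...
    for root in sys.argv[1:] or ["."]:
        print(f"{root}: {audit_site(root)}")
```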
Source: Search Engine Journal
Written by
Palumbo Angela
Angela Palumbo, Senior Editor at Rabbit Rank since 2023, holds a bachelor's in communications. She focuses on fact-checking and simplifying complex topics while also leading strategy for the news department.