CVE-2026-15290info

Summary

by MITRE • 07/10/2026

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This vulnerability was partially patched in version 2.9.2 when initially addressing CVE-2025-0308.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/10/2026

The Ultimate Member WordPress plugin represents a comprehensive membership solution that handles user profiles, registration processes, login functionality, and content restriction across WordPress websites. This plugin has been identified as containing a critical blind SQL injection vulnerability affecting versions through 2.10.1, which stems from inadequate input sanitization and improper query preparation mechanisms. The vulnerability specifically manifests through the search parameter handling within the plugin's core functionality, creating an attack vector that allows unauthenticated threat actors to manipulate database queries without proper authentication.

The technical flaw resides in the plugin's failure to properly escape user-supplied input when processing search requests through the vulnerable parameter. This weakness enables attackers to inject malicious SQL syntax into existing database queries that the plugin executes, effectively bypassing normal security controls and access restrictions. The vulnerability classifies as a blind SQL injection according to CWE-89, where attackers cannot directly see query results but can infer information through response timing variations or conditional responses. This particular implementation lacks proper parameterization of database queries, allowing attackers to append additional SQL commands that execute within the context of the application's database connection.

The operational impact of this vulnerability extends beyond simple data exfiltration, as it provides attackers with the capability to extract sensitive information from the underlying WordPress database including user credentials, membership details, and potentially administrative access tokens. The lack of authentication requirements for exploitation means that any visitor to a website running the vulnerable plugin can attempt to exploit this weakness, making it particularly dangerous in public-facing environments. Attackers can leverage this vulnerability to enumerate user accounts, extract password hashes, or even escalate privileges by accessing administrative database records. This vulnerability directly impacts the confidentiality and integrity of user data stored within WordPress installations.

Security mitigation strategies should prioritize immediate patching to versions 2.10.2 or later where the vulnerability has been addressed through proper input sanitization and query parameterization. Organizations should implement additional network-level protections including web application firewalls that can detect and block malicious SQL injection patterns targeting known vulnerable parameters. Database access controls must be reviewed to ensure that plugin accounts have minimal required privileges, following the principle of least privilege as outlined in cybersecurity best practices. Regular security auditing of WordPress plugins and themes remains essential for identifying similar vulnerabilities, with particular attention to input validation mechanisms and database query construction processes. The vulnerability highlights the importance of proper SQL injection prevention techniques including prepared statements and parameterized queries, which are fundamental requirements according to OWASP Top Ten security guidelines and NIST cybersecurity frameworks.

The partial patch implemented in version 2.9.2 for CVE-2025-0308 demonstrates that vendors must maintain comprehensive vulnerability management processes where fixes address not just the immediately apparent issues but also prevent similar classes of vulnerabilities from persisting. This remediation effort should include thorough code review processes focusing on all user input handling within database operations and implementation of robust input validation routines. Organizations running affected versions should conduct immediate risk assessments to determine if their systems have been compromised, examining database logs for signs of malicious activity and implementing monitoring solutions that can detect anomalous query patterns indicating exploitation attempts.

Disclosure

07/10/2026

Moderation

in review

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!