CVE-2024-2123

7.2 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the Ultimate Member plugin. When users visit compromised pages, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. All WordPress sites using Ultimate Member plugin versions up to 2.8.3 are affected.

💻 Affected Systems

Products:
  • Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress
Versions: All versions up to and including 2.8.3
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default plugin templates; no special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.

🟠

Likely Case

Attackers inject malicious scripts to steal user session cookies, credentials, or perform actions on behalf of authenticated users.

🟢

If Mitigated

With proper input validation and output escaping, the vulnerability is prevented, though existing malicious scripts may need cleanup.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires minimal technical skill due to unauthenticated access and common XSS techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.4 or later

Vendor Advisory: https://wordpress.org/plugins/ultimate-member/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Ultimate Member plugin.
4. Click 'Update Now' if available, or manually update to version 2.8.4+.
5. Verify the update completes successfully.

🔧 Temporary Workarounds

Disable vulnerable templates (Linux shell)

Temporarily disable or override the vulnerable template files (members-grid.php and members-list.php) to prevent exploitation. Run the commands from the WordPress root; the member directory views that depend on these templates will not render while the files are renamed, and updating the plugin replaces the plugin folder with patched copies.

mv wp-content/plugins/ultimate-member/templates/members-grid.php wp-content/plugins/ultimate-member/templates/members-grid.php.bak
mv wp-content/plugins/ultimate-member/templates/members-list.php wp-content/plugins/ultimate-member/templates/members-list.php.bak

🧯 If You Can't Patch

  • Disable the Ultimate Member plugin entirely until patching is possible.
  • Implement a Web Application Firewall (WAF) with XSS protection rules to block exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for Ultimate Member version. If version is 2.8.3 or lower, the site is vulnerable.

Check Version:

wp plugin list --name=ultimate-member --field=version

Verify Fix Applied:

After updating, verify the plugin version shows 2.8.4 or higher in WordPress admin panel.
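The version check above can be scripted so it does not rely on string comparison, which gets it wrong once a release like 2.8.10 exists ("2.8.10" sorts before "2.8.3" as text). The following is an added example, not part of this advisory; it wraps the WP-CLI command shown above and compares the result numerically against the 2.8.4 fix version. The `--path` argument and the `wp` binary being on PATH are assumptions about the host.

```python
"""Check an installed Ultimate Member version against the CVE-2024-2123 fix.
Added example; not from the advisory or the plugin vendor."""
import re
import subprocess

FIXED_VERSION = "2.8.4"   # first patched release named in the advisory


def parse_version(text: str) -> tuple:
    """Turn '2.8.3' (or '2.8.3-beta1') into a tuple of ints for comparison.
    Numeric comparison matters: as strings '2.8.10' < '2.8.3', which would
    misreport a patched site as vulnerable."""
    core = text.strip().split("-")[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in core.split("."))


def is_vulnerable(version: str) -> bool:
    """True when the installed version is below the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def installed_version(wp_path: str = ".") -> str:
    """Ask WP-CLI for the installed version (assumes `wp` is on PATH and
    wp_path points at the WordPress root)."""
    result = subprocess.run(
        ["wp", "plugin", "list", "--name=ultimate-member",
         "--field=version", f"--path={wp_path}"],
        capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    found = installed_version()
    verdict = ("VULNERABLE, update to " + FIXED_VERSION + " or later"
               if is_vulnerable(found) else "patched")
    print(f"Ultimate Member {found}: {verdict}")
```

`parse_version` raises on anything that is not a dotted number so an empty WP-CLI result (plugin not installed) is reported rather than silently treated as patched.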

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to Ultimate Member endpoints with script tags or JavaScript in parameters.
  • Multiple failed login attempts or unexpected user registrations following XSS payload delivery.

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript code in query parameters or POST data targeting Ultimate Member pages.

SIEM Query:

source="web_server_logs" AND (uri="*ultimate-member*" AND (query="*<script>*" OR query="*javascript:*"))
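The SIEM query above matches the literal strings `<script>` and `javascript:`, so a payload sent as `%3Cscript%3E` or `<SCRIPT>` in the query string passes it. The script below is an added example, not part of the advisory: it parses Apache/nginx combined-format access log lines, percent-decodes the request URI (including double encoding) and matches the advisory's two markers case-insensitively. The log lines are constructed, and the optional path filter mirrors the advisory's `uri="*ultimate-member*"` clause rather than a confirmed list of plugin endpoints. Access logs carry only the query string; POST bodies have to come from WAF or application logging.

```python
"""Scan combined-format access logs for XSS markers aimed at Ultimate Member
pages. Added example; sample log lines are constructed."""
import re
from urllib.parse import unquote

# client ident user [time] "METHOD URI PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')

# The advisory's two markers, matched case-insensitively after URL decoding.
PAYLOAD_RE = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)


def decode_fully(s: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so
    double-encoded payloads such as %253Cscript%253E surface as <script>."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def scan_line(line: str, path_filter: str = ""):
    """Return a finding for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    uri = decode_fully(m["uri"])
    if path_filter and path_filter not in uri.lower():
        return None
    hit = PAYLOAD_RE.search(uri)
    if not hit:
        return None
    return {"ip": m["ip"], "time": m["time"], "method": m["method"],
            "status": m["status"], "marker": hit.group(0), "uri": uri}


def scan_log(lines, path_filter: str = ""):
    """Findings for every line that matches; order preserved."""
    return [f for f in (scan_line(l, path_filter) for l in lines) if f]


# Constructed sample: encoded <script>, javascript: URI, benign search,
# double-encoded <script>.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /members/?search=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /members/?sort=javascript%3Aalert(1) HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:12:00:03 +0000] "GET /members/?search=john HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2024:12:00:04 +0000] "GET /members/?search=%253Cscript%253E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['time']} {finding['ip']} {finding['method']} "
              f"marker={finding['marker']!r} uri={finding['uri']}")
```

Run it over a real log with `scan_log(open("access.log"))`; pass `path_filter="ultimate-member"` to reproduce the advisory's narrower query, keeping in mind that member directory pages usually live at ordinary site URLs rather than under the plugin path.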

🔗 References
