CVE-2024-1071

This repository contains a scanner for CVE-2024-1071, which is a SQL Injection vulnerability in the WordPress Ultimate Member plugin. The script checks for vulnerable versions, retrieves necessary parameters (nonce, directory_id), and suggests using SQLmap for exploitation.

This repository contains a functional exploit for CVE-2024-1071, an unauthorized database access/SQL injection vulnerability in the Ultimate Member WordPress plugin. The exploit automates the process of retrieving a nonce, identifying a valid directory ID, and preparing a SQL injection payload for use with sqlmap.

This repository provides a Docker environment to set up a vulnerable WordPress instance with the Ultimate Member plugin (version 2.8.2) for testing CVE-2024-1071. It does not include actual exploit code but references external PoCs for automation.

This repository contains a functional Python script that automates the exploitation of CVE-2024-1071, an SQL injection vulnerability in the WordPress Ultimate Member plugin (versions 2.1.3 to 2.8.2). The script checks for vulnerable versions, retrieves necessary nonces and directory IDs, and uses SQLMap to exploit the vulnerability via the 'sorting' parameter.

This repository contains a functional Python exploit for CVE-2024-1071, an SQL injection vulnerability in WordPress Ultimate Member plugin versions 2.1.3 to 2.8.2. The exploit automates the process of checking plugin versions, retrieving nonces, and identifying valid directory IDs to facilitate SQL injection attacks.

This repository provides a Docker-based lab environment for CVE-2024-1071, a vulnerability in the Ultimate Member WordPress plugin. It includes a pre-configured WordPress instance with the vulnerable plugin (version 2.8.2) and setup instructions to replicate the exploit scenario.

This repository contains a functional exploit for CVE-2024-1071, an unauthorized database access/SQL injection vulnerability in the Ultimate Member WordPress plugin. The exploit automates the process of retrieving a nonce, identifying a valid directory ID, and preparing a SQL injection payload for use with sqlmap.

This repository contains a functional Python exploit for CVE-2024-1071, an SQL injection vulnerability in WordPress Ultimate Member plugin versions 2.1.3 to 2.8.2. The exploit automates the process of checking plugin versions, retrieving nonces, and identifying valid directory IDs to facilitate SQL injection attacks.

This Metasploit module exploits a time-based blind SQL injection vulnerability in the WordPress Ultimate Member plugin via the 'sorting' parameter. It automates the extraction of user credentials by first retrieving a nonce and directory ID, then leveraging SQLi to dump database contents.