The Ultimate Member plugin for WordPress, which handles user profiles, registration, login, member directories, content restriction, and membership management, is vulnerable to a time-based SQL Injection attack through the search parameter. The vulnerability arises from improper neutralization of special elements in SQL commands (CWE-89), specifically due to insufficient escaping of user-supplied input and inadequate preparation of SQL queries. This flaw allows unauthenticated attackers to append malicious SQL queries to existing ones, potentially enabling extraction of sensitive database information. The CVSS 3.1 base score is 7.5, indicating high severity, with an attack vector of network, no privileges required, and no user interaction needed. The vulnerability affects all versions up to and including 2.9.1. No patch or vendor advisory information is provided in the data.

Successful exploitation of this vulnerability can lead to unauthorized disclosure of sensitive information from the database. The attacker does not require authentication or user interaction to exploit the flaw. The vulnerability does not impact integrity or availability directly but compromises confidentiality. No known exploits have been reported in the wild as of the publication date.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider disabling or restricting access to the vulnerable search functionality or applying web application firewall (WAF) rules to detect and block SQL injection attempts targeting this plugin. Monitor for updates from the Ultimate Member plugin vendor to apply official patches once released.