From e9abab925fa296f28a0ae4445efaecd5b89bce43 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Fri, 5 Dec 2025 17:41:51 +0200 Subject: [PATCH] Fix security vulnerability CVE-2025-13220 in Ultimate Member. Addressed CVE-2025-13220 by implementing necessary fixes in the plugin's shortcodes and updating sanitization for shortcode attributes. Removed redundant compatibility checks for WordPress versions earlier than 5.4 and improved stability in the shortcode handling logic. --- changelog.txt | 2 ++ includes/core/class-shortcodes.php | 43 +++++++++--------------------- readme.txt | 5 ++++ 3 files changed, 19 insertions(+), 31 deletions(-) diff --git a/changelog.txt b/changelog.txt index e372666a..b28b26ca 100644 --- a/changelog.txt +++ b/changelog.txt @@ -2,7 +2,9 @@ = 2.11.1 December xx, 2025 = +* Bugfixes: + - Fixed: CVE-2025-13220. = 2.11.0 December 02, 2025 = diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php index 4b73767d..cfff4958 100644 --- a/includes/core/class-shortcodes.php +++ b/includes/core/class-shortcodes.php @@ -527,10 +527,10 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { * * @return string */ - function ultimatemember_login( $args = array() ) { + public function ultimatemember_login( $args = array() ) { global $wpdb; - $args = ! empty( $args ) ? $args : array(); + $args = shortcode_atts( array(), $args, 'ultimatemember_login' ); $default_login = $wpdb->get_var( "SELECT pm.post_id @@ -547,23 +547,18 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $shortcode_attrs .= " {$key}=\"{$value}\""; } - if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) { - return do_shortcode( "[ultimatemember {$shortcode_attrs} /]" ); - } else { - return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); - } + return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); } - /** * @param array $args * * @return string */ - function ultimatemember_register( $args = array() ) { + public function ultimatemember_register( $args = array() ) { global $wpdb; - $args = ! empty( $args ) ? $args : array(); + $args = shortcode_atts( array(), $args, 'ultimatemember_register' ); $default_register = $wpdb->get_var( "SELECT pm.post_id @@ -580,23 +575,18 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $shortcode_attrs .= " {$key}=\"{$value}\""; } - if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) { - return do_shortcode( "[ultimatemember {$shortcode_attrs} /]" ); - } else { - return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); - } + return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); } - /** * @param array $args * * @return string */ - function ultimatemember_profile( $args = array() ) { + public function ultimatemember_profile( $args = array() ) { global $wpdb; - $args = ! empty( $args ) ? $args : array(); + $args = shortcode_atts( array(), $args, 'ultimatemember_profile' ); $default_profile = $wpdb->get_var( "SELECT pm.post_id @@ -614,23 +604,18 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $shortcode_attrs .= " {$key}=\"{$value}\""; } - if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) { - return do_shortcode( "[ultimatemember {$shortcode_attrs} /]" ); - } else { - return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); - } + return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); } - /** * @param array $args * * @return string */ - function ultimatemember_directory( $args = array() ) { + public function ultimatemember_directory( $args = array() ) { global $wpdb; - $args = ! empty( $args ) ? $args : array(); + $args = shortcode_atts( array(), $args, 'ultimatemember_directory' ); $default_directory = $wpdb->get_var( "SELECT pm.post_id @@ -648,11 +633,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $shortcode_attrs .= " {$key}=\"{$value}\""; } - if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) { - return do_shortcode( "[ultimatemember {$shortcode_attrs} /]" ); - } else { - return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); - } + return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); } /** diff --git a/readme.txt b/readme.txt index b00c2e6a..636cd1fa 100644 --- a/readme.txt +++ b/readme.txt @@ -169,7 +169,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI = 2.11.1 2025-12-xx = +**Bugfixes** +* Fixed: CVE-2025-13220. = 2.11.0 2025-12-02 = @@ -336,6 +338,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI == Upgrade Notice == += 2.11.1 = +This version fixes a security related bug. Upgrade immediately. + = 2.10.4 = This version fixes a security related bug. Upgrade immediately.