The Threat Intelligence team at Wordfence discovered multiple vulnerabilities in Ultimate Member, a WordPress plugin installed on over 100,000 sites. Wordfence stated that the flaws are severe and could allow remote attackers to escalate their privileges to those of an administrator and take over WordPress sites. The company urged administrators of WordPress sites that use the Ultimate Member plugin to patch the bugs immediately by updating to the fixed version, 2.1.12.
Ultimate Member is a WordPress plugin that supports building websites and enhances user registration and account control on WordPress sites.
According to Wordfence's researchers, the vulnerabilities affect three areas: user registration, user login, and user profile management.
“These vulnerabilities are considered very critical as it makes it possible for originally unauthenticated users to easily escalate their privileges to those of an administrator. Once an attacker has administrative access to a WordPress site, they have effectively taken over the entire site and can perform any action, from taking the site offline to further infecting the site with malware,” Wordfence said.
“Attackers could enumerate the current custom Ultimate Members roles and supply a higher privileged role while registering in the role parameter. Also, an attacker could supply a specific capability and then use that to switch to another user account with elevated privileges,” Wordfence added.
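The registration weakness described above comes down to a server trusting a client-supplied role. The following is an added example written for this page, not code from Ultimate Member or Wordfence, of how a self-service registration handler can be written so that the role field in the request can never raise privileges: the requested value is only honoured if it is on a short allow-list, and otherwise the site's configured default role is used. Function names prefixed `example_`, the `example_register` action and nonce, and the form field names are assumptions; the WordPress API calls (`wp_insert_user`, `sanitize_key`, `wp_verify_nonce`, `get_option`, and so on) are real.

```php
<?php
// Added example (not Ultimate Member's code). Everything prefixed "example_"
// is a hypothetical name chosen for this illustration.

// The only roles a public registration form is ever allowed to produce.
// Administrator, editor and any custom high-privilege role are deliberately absent.
const EXAMPLE_REGISTRATION_ROLES = array( 'subscriber' );

/**
 * Resolve the role for a new self-registered account.
 *
 * The request may carry a "role" field, but it is treated as a hint only:
 * it must be on the allow-list, otherwise the site default role is used.
 * Enumerating roles or sending "administrator" therefore has no effect.
 */
function example_resolve_registration_role( $requested ) {
    $requested = sanitize_key( (string) $requested );
    if ( in_array( $requested, EXAMPLE_REGISTRATION_ROLES, true ) ) {
        return $requested;
    }
    return get_option( 'default_role', 'subscriber' );
}

/**
 * Handler for the (assumed) admin-post action "example_register" used by
 * unauthenticated visitors.
 */
function example_handle_registration() {
    // Reject forged or replayed submissions before doing anything else.
    $nonce = isset( $_POST['example_nonce'] ) ? (string) wp_unslash( $_POST['example_nonce'] ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_register' ) ) {
        wp_die( 'Invalid request.' );
    }

    $user_login = sanitize_user( wp_unslash( $_POST['user_login'] ?? '' ) );
    $user_email = sanitize_email( wp_unslash( $_POST['user_email'] ?? '' ) );
    $password   = (string) wp_unslash( $_POST['user_pass'] ?? '' );

    // The role is decided server-side; the client value cannot escalate it.
    $role = example_resolve_registration_role( $_POST['role'] ?? '' );

    $user_id = wp_insert_user( array(
        'user_login' => $user_login,
        'user_email' => $user_email,
        'user_pass'  => $password,
        'role'       => $role,
    ) );

    if ( is_wp_error( $user_id ) ) {
        wp_die( esc_html( $user_id->get_error_message() ) );
    }

    // Audit trail for detection: record the role actually assigned to each
    // self-registered account so unexpected privileged accounts stand out.
    error_log( sprintf( 'registration: user %d assigned role %s', $user_id, $role ) );

    wp_safe_redirect( home_url( '/' ) );
    exit;
}
add_action( 'admin_post_nopriv_example_register', 'example_handle_registration' );
```

For a site that already runs an affected version, the complementary check is to look for accounts that should not exist: `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered` lists every administrator with its registration date, and any entry that was created through the public registration form rather than by a known administrator should be treated as a sign of compromise.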
700,000 WordPress Users at Risk
In a similar discovery, Wordfence found a vulnerability in the File Manager plugin, which has over 700,000 active installations, that could allow threat actors to execute commands and upload malicious files on a target site. File Manager is a plugin intended to help WordPress admins manage files on their websites.