Ultimate Member WordPress Plugin Vulnerability Allows Full Site Takeover via @sejournal, @martinibuster
A vulnerability in the Ultimate Member WordPress plugin, which has over 200,000 active installations, is being actively exploited on unpatched WordPress sites. Bypassing the plugin's security filters is said to require trivial effort.
Ultimate Member Plugin Vulnerability
The Ultimate Member WordPress plugin enables publishers to create online communities on their websites.
The plugin works by creating a frictionless process for user sign-ups and the creation of user profiles. It’s a popular plugin, especially for membership sites.
The free version of the plugin has a generous feature set that includes front-end user profiles, registration, and login. Publishers can also create member directories.
The plugin also contained a critical flaw that allowed a site visitor to create member profiles with essentially administrator-level privileges.