Ultimate Member is a popular WordPress plugin that allows for simplified creation and management of user profiles within the system. On July 1, 2023, version 2.6.7 of the plugin was released. This version addresses the identified vulnerability.
A few days ago, a zero-day vulnerability was reported in the “Ultimate Member” plugin of the WordPress website and blog editor, which could cause significant issues for thousands of web pages, allowing cybercriminals to gain control over them.
The security flaw, identified as CVE-2023-3460, has been assigned a risk score of 9.8, indicating its particularly high severity.
Cybersecurity
Through this vulnerability, cybercriminals can bypass the plugin’s built-in security measures and manipulate user account configuration data. By setting their own accounts as administrators, hackers can take complete control of compromised websites.
The plugin developer promptly took action to address the issue, releasing version 2.6.3 of Ultimate Member on June 26, which partially fixed the vulnerability. Then, on July 1, version 2.6.7 was finally released, providing a complete fix for the security flaw.
However, over 200,000 WordPress websites that have incorporated the “Ultimate Member” plugin are still at risk. The large number of installations and the potential delay in updating, due to inadequate information communication, make them potential targets for malicious actors.
Therefore, it is strongly recommended that WordPress site owners and administrators immediately update the plugin to its latest version to avoid falling victim to potential attacks by hackers.
Additionally, it is crucial to remain vigilant and monitor any suspicious activity or unauthorized access attempts. Furthermore, beyond this specific situation, it is important to consistently update system plugins, as this ensures the integrity of the website and protects against emerging cybersecurity threats. Only by doing so can site owners and administrators ensure they have no such issues and can continue to serve their users effectively.