Hackers have taken advantage of a zero-day vulnerability in the ‘Ultimate Member’ WordPress plugin, which allows them to compromise websites by circumventing security measures and creating unauthorized administrator accounts. Ultimate Member is a popular plugin for user profiles and memberships on WordPress sites, with over 200,000 active installations.
This vulnerability, known as CVE-2023-3460 and rated as critical with a CVSS v3.1 score of 9.8, affects all versions of the Ultimate Member plugin, including the latest release, v2.6.6. Although the developers attempted to fix the flaw in versions 2.6.3, 2.6.4, 2.6.5, and 2.6.6, there are still ways for attackers to exploit it. The developers are actively working to address the remaining issues and are expected to release an update soon.
Read more: Hackers exploit zero-day in Ultimate Member WordPress plugin with 200K installs