"Vulnerabilities Affect 100,000 Sites Using WordPress Plugin"

Three critical privilege-escalation vulnerabilities were discovered in a WordPress plugin, impacting 100,000 websites. Wordfence's Threat Intelligence Team detected the flaws in Ultimate Member, which is a free user profile WordPress plugin that supports the creation of online communities and membership sites as it allows site owners to set custom roles and manage site members' privileges. The flaws found in this plugin could allow an attacker to elevate their privileges to perform administrative tasks, thus allowing them to take full control of a WordPress site. With this administrative access, the attacker can take the site offline, infect the site with malware, and more. Businesses are encouraged to be more aware of the risks posed by third-party WordPress plugins, as well as to implement web application firewalls to secure their websites and apply client-side visibility solutions to uncover malicious code on their sites. This article continues to discuss the abuse and impact of the privilege-escalation vulnerabilities found in the WordPress Ultimate Member plugin, and what organizations should do to protect their websites. 

Infosecurity Magazine reports "Vulnerabilities Affect 100,000 Sites Using WordPress Plugin"