Tag: Website Security

Three critical vulnerabilities found in Ultimate member plugin

Three critical vulnerabilities found in Ultimate member plugin

Security, Plugins
Three critical privilege escalation vulnerabilities have been discovered in the Ultimate Member plugin that exposed over 100,000 websites to hacking risk. These loopholes made it possible for attackers to breach and escalate their privileges to those of an administrator and leading to a forced take over a WordPress site. Ultimate Member is a widely used WordPress plugin that enhances user registration and account control on WordPress websites. This plugin also enables site owners to create custom roles and manage the privileges of site members. The plugin thus automatically creates three forms: user registration, user login, and user profile management as part of its functionality. How the vulnerabilities in Ultimate member plugin risked your website This flaw which was detected by th...
Quiz and Survey Master Plugin 2 Critical Vulnerabilities Patched

Quiz and Survey Master Plugin 2 Critical Vulnerabilities Patched

Security, Plugins
The WordFence Threat Intelligence team detected two vulnerabilities in Quiz and Survey Master (QSM), a WordPress plugin that is installed on over 30,000 sites. These flaws made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution, as well as delete arbitrary files like a site’s wp-config.php file which could effectively take a site offline and allow an attacker to take over the vulnerable site. How Quiz and Survey Master is used in WordPress The Quiz and Survey Master is used in WordPress to add quizzes and surveys to sites. One of its features allows site owners to implement file uploads as a response type for a quiz or survey, which could be useful in a number of scenarios, such as a job application questionnaire with a PDF resume upl