Tag: wp-admin

Three critical vulnerabilities found in Ultimate member plugin

Three critical vulnerabilities found in Ultimate member plugin

Security, Plugins
Three critical privilege escalation vulnerabilities have been discovered in the Ultimate Member plugin that exposed over 100,000 websites to hacking risk. These loopholes made it possible for attackers to breach and escalate their privileges to those of an administrator and leading to a forced take over a WordPress site. Ultimate Member is a widely used WordPress plugin that enhances user registration and account control on WordPress websites. This plugin also enables site owners to create custom roles and manage the privileges of site members. The plugin thus automatically creates three forms: user registration, user login, and user profile management as part of its functionality. How the vulnerabilities in Ultimate member plugin risked your website This flaw which was detected by th...