Vulnerabilities Affect 100k Sites Using WordPress Plugin

Researchers have discovered critical privilege-escalation vulnerabilities in a WordPress plugin installed on 100k websites.

The three flaws in Ultimate Member were detected by Wordfence's Threat Intelligence Team, which described them as "critical and severe" and "easy to exploit." 

By abusing the flaws, an attacker could escalate their privileges to those of an administrator and completely take over a WordPress site.

"Once an attacker has administrative access to a WordPress site, they have effectively taken over the entire site and can perform any action, from taking the site offline to further infecting the site with malware," noted researchers. 

Ultimate Member is a free user profile plugin used to build online communities and membership sites with WordPress. It allows site owners to create custom roles and manage the privileges of site members.

"We discovered that the user registration form lacked some checks on submitted user data," wrote researchers.

"This oversight made it possible for an attacker to supply arbitrary user meta keys during the registration process that would update those meta keys in the database."
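An illustrative PHP sketch of the pattern the researchers describe, added here and not Ultimate Member's own code: a registration handler that writes every submitted field into user meta, beside one that only accepts an explicit allowlist of profile fields and logs anything else. The function names, the allowlist and the `$fields` input are assumptions.

```php
<?php
// Added example, not Ultimate Member's code. Two hypothetical registration
// handlers for a WordPress plugin: $user_id is the newly created account and
// $fields is the submitted form data (for instance wp_unslash( $_POST )).

// Vulnerable pattern: every submitted key is written into user meta, so the
// client decides which meta keys exist. WordPress keeps role and capability
// data in user meta too, which is why unchecked keys can change an account's
// privileges.
function um_example_save_profile_unchecked( int $user_id, array $fields ): void {
    foreach ( $fields as $key => $value ) {
        update_user_meta( $user_id, sanitize_key( $key ), sanitize_text_field( $value ) );
    }
}

// Hardened pattern: only keys the form is meant to set are written; anything
// else is dropped and logged. An allowlist is preferred over a denylist because
// it needs no enumeration of every sensitive meta key that WordPress core or
// other plugins may use.
const UM_EXAMPLE_ALLOWED_META = array( 'first_name', 'last_name', 'description' );

function um_example_save_profile_allowlisted( int $user_id, array $fields ): array {
    $rejected = array();
    foreach ( $fields as $key => $value ) {
        if ( ! in_array( $key, UM_EXAMPLE_ALLOWED_META, true ) ) {
            $rejected[] = (string) $key; // unexpected keys become a detection signal
            continue;
        }
        update_user_meta( $user_id, $key, sanitize_text_field( $value ) );
    }
    if ( $rejected ) {
        error_log( 'Registration dropped unexpected meta keys: ' . implode( ',', $rejected ) );
    }
    return $rejected; // returned so callers and tests can check what was refused
}
```

The logged key names give site operators a simple indicator to watch for: a registration that submits fields the form never offers is worth investigating.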

Researchers found the first flaw on October 19, 2020, and reached out to the plugin's developer on October 23.

"After establishing an appropriate communication channel, we provided the full disclosure details on October 26, 2020," said researchers.

The developer acted swiftly, sending Wordfence a copy of the first intended patch for testing on October 26. 

"We confirmed the patch fixe ..