In today’s SensCy Cyber Alert, your SensCy team recommends WordPress users review the following information regarding the Ultimate Member plugin.
As many as 200,000 WordPress websites are at risk of cyber attacks by exploiting a vulnerability in the Ultimate Member plugin. The vulnerability can be tracked as CVE-20230-3460.
WordPress explained “This is a very serious issue: unauthenticated attackers may exploit this vulnerability to create new user accounts with administrative privileges, giving them the power to take complete control of affected sites.”
Ultimate Member released a new version 2.6.7. on July 1 to address the vulnerability. If you have not patched the plugin, SensCy recommends that you disable the plugin until it is patched. You should also audit all administrator-level users to determine if any unauthorized accounts have been added.
If you have any questions, please reach out to your Cyber Advocate.