WordPress Plugin Vulnerability

Published On: July 3, 2023Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team recommends WordPress users review the following information regarding the Ultimate Member plugin.

As many as 200,000 WordPress websites are at risk of cyber attacks by exploiting a vulnerability in the Ultimate Member plugin. The vulnerability can be tracked as CVE-20230-3460.

WordPress explained  “This is a very serious issue: unauthenticated attackers may exploit this vulnerability to create new user accounts with administrative privileges, giving them the power to take complete control of affected sites.”

Ultimate Member released a new version 2.6.7. on July 1 to address the vulnerability. If you have not patched the plugin, SensCy recommends that you disable the plugin until it is patched. You should also audit all administrator-level users to determine if any unauthorized accounts have been added.

If you have any questions, please reach out to your Cyber Advocate.

Related Posts

  • Apple Zero-Day Vulnerability

    September 22, 2023

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team urges Apple product users to install the new updates immediately. The new update remediates THREE new zero-day [...]

  • Microsoft Patch Tuesday

    September 12, 2023

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, September 12, 2023. Today’s Patch Tuesday comes with [...]

  • Google Chrome 116 Update

    September 12, 2023

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version immediately. Google announced a new update [...]