WordPress Plugin Vulnerability

Published On: July 3, 2023Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team recommends WordPress users review the following information regarding the Ultimate Member plugin.

As many as 200,000 WordPress websites are at risk of cyber attacks by exploiting a vulnerability in the Ultimate Member plugin. The vulnerability can be tracked as CVE-20230-3460.

WordPress explained  “This is a very serious issue: unauthenticated attackers may exploit this vulnerability to create new user accounts with administrative privileges, giving them the power to take complete control of affected sites.”

Ultimate Member released a new version 2.6.7. on July 1 to address the vulnerability. If you have not patched the plugin, SensCy recommends that you disable the plugin until it is patched. You should also audit all administrator-level users to determine if any unauthorized accounts have been added.

If you have any questions, please reach out to your Cyber Advocate.

Related Posts

  • April 19, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team is reviewing latest disclosure of vulnerabilities by WordPress. There were 202 vulnerabilities discovered, including 185 WordPress plugin [...]

  • April 18, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version 124 immediately. The new update patches [...]

  • April 10, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Adobe latest release of security updates. We recommend installing those updates immediately if you are using [...]