Get a Pentest and security assessment of your IT network.

Cyber Security

Ultimate Member Plugin for WordPress Allows Site Takeover

A WordPress plugin has three critical security bugs that each allow privilege escalation and potentially full control over a target WordPress site. The Ultimate Member plugin, called Ultimate Member, allows web admins to add user profiles and membership areas to their web destinations. The flaws make it possible for both authenticated and unauthenticated attackers to escalate their privileges during registration, to attain the status of an administrator. The third bug is a 9.9 out of 10 on the severity scale due to a lack of capability checks on the Profile Update function of the plugin.

Source: https://threatpost.com/ultimate-member-plugin-wordpress-site-takeover/161053/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation