
CVE-2023-3460 – Unauthorized admin access for Ultimate Member plugin.

Source : Internet

Severity Rating: Critical : 9.8

Version Affected : Ultimate Member versions prior to 2.6.7

Description : Privilege Escalation Vulnerability in Ultimate Member Plugin for WordPress.

A vulnerability has recently been identified in the Ultimate Member plugin for WordPress that could enable an attacker to acquire escalated privileges on the targeted system. It stems from improper authorization within the plugin's registration functionality. Exploitation involves the creation of user accounts with administrator privileges, granting the attacker elevated control over the system.

Impact: Successful exploitation of this vulnerability could allow an unauthenticated attacker to gain elevated privileges on the targeted system.

Mitigation: Apply patch https://wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7

Ref: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
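
A triage check for the advisory above, added here as an example and not taken from WPScan or the plugin's authors: it reads the version from a plugin header, compares it numerically against 2.6.7, and lists administrator accounts that are not on an expected list. The header text, the CSV layout (modelled on `wp user list --format=csv` output), the function names and the account names are constructed assumptions.

```python
import csv
import io
import re

FIXED_VERSION = (2, 6, 7)  # advisory: versions prior to 2.6.7 are affected

def parse_version(header_text):
    """Extract 'Version: x.y.z' from a WordPress plugin header as a tuple of ints."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                  header_text, re.MULTILINE | re.IGNORECASE)
    if not m:
        raise ValueError("no Version: line found in plugin header")
    return tuple(int(part) for part in m.group(1).split("."))

def is_affected(version):
    """Numeric comparison, so 2.10.0 is newer than 2.6.7 and 2.6 means 2.6.0."""
    padded = version + (0,) * (len(FIXED_VERSION) - len(version))
    return padded < FIXED_VERSION

def unexpected_admins(users_csv, expected_logins):
    """Return administrator rows whose login is not on the expected list."""
    expected = {name.lower() for name in expected_logins}
    rows = csv.DictReader(io.StringIO(users_csv))
    return [row for row in rows
            if "administrator" in row["roles"].split(",")
            and row["user_login"].lower() not in expected]

# Constructed sample inputs (not real site data).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Ultimate Member
 * Version: 2.6.6
 */
"""
SAMPLE_USERS = """ID,user_login,user_registered,roles
1,siteowner,2021-03-02 10:15:00,administrator
7,editor_jane,2022-08-19 09:00:00,editor
42,acct_example,2023-06-30 23:41:12,administrator
"""

if __name__ == "__main__":
    version = parse_version(SAMPLE_HEADER)
    print("installed:", ".".join(map(str, version)),
          "affected" if is_affected(version) else "not affected")
    for row in unexpected_admins(SAMPLE_USERS, ["siteowner"]):
        print("review admin account:", row["user_login"], row["user_registered"])
```

On a site that ran an affected version, any administrator the check lists should be verified with the site owner before the account is trusted or removed.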

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.