As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin.
The flaw, tracked as CVE-2023-3460, affects all versions of the Ultimate Plus plugin, including the latest version (2.6.6) that was released on June 29, 2023.Ultimate Member is a popular plugin that facilitates the creation of user profiles and communities on WordPress sites.
It uses a privilege escalation vulnerability used through UM Forms.
According to the release notes, Ultimate Member recommends that users disable the plugin until a proper patch that completely plugs the security hole is made available.
Users of Ultimate Member are advised to enable it with a temporary disable while the patch is available
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply