Jump to content

Zero-Day Exploit Threatens 200,000 WordPress Websites


Rui Carlos

Recommended Posts

Citação

Cybersecurity researchers have discovered ongoing attacks targeting a critical vulnerability in the widely used Ultimate Member plugin for WordPress websites. This plugin, designed to streamline user registration and login processes, is currently installed on over 200,000 active websites worldwide.

[...]

Tracked as CVE-2023-3460, the vulnerability possesses a CVSS score of 9.8, indicating its severity. It enables attackers to exploit a flaw in the Ultimate Member plugin that allows the creation of rogue admin accounts. By manipulating predefined banned user meta keys within the plugin, attackers can add slashes to bypass the restrictions, alter the user meta key values, and set their wp capabilities to “administrator.” This grants them administrative access to the compromised websites.

[...]

Fonte: https://www.hackread.com/zero-day-exploit-threatens-wordpress-websites/

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site you accept our Terms of Use and Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.