Sunday, July 13, 2025

Critical security vulnerability puts over 2 lakh WordPress websites at risk


Shillong, July 2: A critical unpatched security vulnerability in the Ultimate Member plugin has put more than 2 lakh WordPress websites at risk of hacking. The plugin, designed to create user profiles and online communities, has a bug that allows unauthenticated attackers to create new user accounts with administrative privileges. This enables them to gain complete control over affected sites.

WordPress security firm WPScan highlighted the severity of the issue and warned that the vulnerability was actively exploited by malicious actors. The plugin’s creators released a new version, 2.6.4, in an attempt to address the problem. However, upon investigation, the WPScan team discovered that the proposed patch could be bypassed, rendering the issue still fully exploitable.

The vulnerability stems from the plugin’s use of a predefined list of user metadata keys that should not be manipulated. Attackers were able to trick the plugin by exploiting differences in how the Ultimate Member plugin and WordPress handle metadata keys.

To mitigate the risk, security researchers strongly advise users to disable the Ultimate Member plugin until a comprehensive patch is available. WP.cloud hosts, including WordPress.com and Pressable.com, have implemented a platform-level patch to help alleviate the vulnerability for sites hosted on their platforms.
