A new set of vulnerabilities in a WordPress plugin concerns site administrators: the Ultimate Member plugin, which extends WordPress with user profiles and community sites and has more than 100,000 active installations, must urgently be updated to the latest version.


The reason is a set of critical and fairly easy-to-exploit bugs that can give an attacker full control of the site.



The plugin makes it possible to build membership websites and greatly simplifies user registration and the creation of online communities with flexibly configurable access levels, roles and privileges.


On November 9, 2020, Wordfence Threat Intelligence published a report in which analyst Chloe Chamberland described three bugs that allow users to escalate their privileges to the highest level and completely take over any WordPress site running a vulnerable version of the Ultimate Member plugin.

The vulnerabilities were discovered on October 26, and a new release, Ultimate Member 2.1.12, followed on October 29, closing the bugs that lead to privilege escalation.


The most severe of the three bugs was rated critical, as it allowed unauthorized users to elevate their privileges to administrator by exploiting an error in the code.


“As soon as an attacker gets administrative access to a WordPress site, they actually take over the entire site and can perform any actions, from disabling the site to further infecting the site with malware,” Chamberland explained.


The second bug was also rated critical, with a CVSS score of 10 out of 10: unauthenticated privilege escalation through user metadata, which grants administrator access during registration, and through user roles (the administrator role can be selected during registration).


The third bug was rated 9.8 out of 10. Although it requires access to the profile.php page in wp-admin, it is still considered critical because it allows any authenticated attacker to elevate privileges to administrator with little effort.


Although Ultimate Member 2.1.12, which fixes the three vulnerabilities, was released on October 26, the new version has been downloaded only about 75,000 times (almost 32,000 of them on the day after the release). This means that at least 25,000 WordPress sites with active Ultimate Member installations remain potentially vulnerable should attackers start using these bugs in future malware campaigns.
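The two checks a site owner would want after reading this are whether the installed plugin predates 2.1.12 and whether any administrator account exists that the owner did not create, since updating closes the hole but does not remove accounts that already used it. The script below is an added example, not code from the article or from the plugin; the plugin file path is an assumption and the sample headers and user list are constructed.

```python
"""Added check: is Ultimate Member older than 2.1.12, and are there unknown admins?"""
import re
from pathlib import Path

FIXED_VERSION = (2, 1, 12)  # first release that closes the three bugs
# Assumed location of the plugin's main file (not taken from the article).
PLUGIN_MAIN_FILE = "wp-content/plugins/ultimate-member/ultimate-member.php"
_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.MULTILINE)

def parse_version(header_text: str) -> tuple:
    """Read 'Version: x.y.z' from a WordPress plugin header as an int tuple,
    so that 2.1.9 compares below 2.1.12 (a plain string compare gets this wrong)."""
    match = _VERSION_RE.search(header_text)
    if not match:
        raise ValueError("no 'Version:' line in plugin header")
    return tuple(int(part) for part in match.group(1).strip(".").split("."))

def is_vulnerable(header_text: str) -> bool:
    """True when the installed version predates the fixed release."""
    return parse_version(header_text) < FIXED_VERSION

def check_site(wp_root: str) -> str:
    """Classify a site on disk as 'not-installed', 'vulnerable' or 'patched'."""
    path = Path(wp_root) / PLUGIN_MAIN_FILE
    if not path.is_file():
        return "not-installed"
    return "vulnerable" if is_vulnerable(path.read_text(errors="replace")) else "patched"

def unexpected_admins(users, known_admins) -> list:
    """Flag every administrator login that is not on the owner's known list;
    such accounts may have been created through the registration bug."""
    return sorted(u["login"] for u in users
                  if "administrator" in u["roles"] and u["login"] not in known_admins)

# Constructed sample data so the script runs without a WordPress install.
SAMPLE_OLD = "<?php\n/*\nPlugin Name: Ultimate Member\nVersion: 2.1.9\n*/\n"
SAMPLE_NEW = "<?php\n/*\nPlugin Name: Ultimate Member\nVersion: 2.1.12\n*/\n"
SAMPLE_USERS = [
    {"login": "owner", "roles": ["administrator"]},
    {"login": "alice", "roles": ["subscriber"]},
    {"login": "newadmin42", "roles": ["administrator"]},
]

if __name__ == "__main__":
    print("2.1.9 vulnerable:", is_vulnerable(SAMPLE_OLD))    # True
    print("2.1.12 vulnerable:", is_vulnerable(SAMPLE_NEW))   # False
    print("unexpected admins:", unexpected_admins(SAMPLE_USERS, {"owner"}))  # ['newadmin42']
```

On a real site, call check_site() with the WordPress root and feed unexpected_admins() the user list exported from the database.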
