WordPress plugin vulnerability

Hackers exploit zero-day in Ultimate Member WordPress plugin with 200K installs

Hackers are taking advantage of a zero-day privilege escalation vulnerability found in the widely used ‘Ultimate Member’ WordPress plugin, allowing them to bypass security measures and gain unauthorized access to websites. The plugin, which has over 200,000 active installations, is designed to facilitate user sign-ups and community building on WordPress sites. This vulnerability, identified as CVE-2023-3460 and classified as “critical” …

Continue Reading