Ultimate Member WordPress Plugin Vulnerability Affects Up To 200k Sites via @sejournal, @martinibuster
A critical vulnerability in the Ultimate Member WordPress plugin was disclosed this week, potentially impacting up to 200,000 websites. The security flaw, rated 8.8 out of 10 on the Common Vulnerability Scoring System (CVSS), allows unauthenticated attackers to gain full administrative access to affected WordPress sites. This means malicious actors could deface websites, steal sensitive user data, or install malware without needing any prior login credentials. The vulnerability stems from improper handling of user metadata, which can be exploited through specially crafted requests.

Security researchers at Wordfence initially identified and reported the vulnerability, urging users to update the plugin immediately. As of the latest reports, a patch for the Ultimate Member plugin has been released to address this critical security issue. Website administrators are strongly advised to ensure their Ultimate Member plugin is updated to the latest version to mitigate the risk of exploitation.
Original source: read the full reporting at Search Engine Journal.