Urgent update required: Hackers exploit unpatched WordPress plugin vulnerability to create secret admin accounts

As many as 200,000 WordPress websites are currently exposed to ongoing attacks due to a critical unpatched security vulnerability discovered in the widely used Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 and carrying a CVSS score of 9.8, affects all versions of the plugin, including the latest release at the time of writing. It allows unauthenticated attackers to create new user accounts with administrative privileges, granting them complete control over compromised websites.

Details of the Vulnerability: WordPress security firm WPScan has issued an alert, emphasizing the severity of the issue. The vulnerability stems from an inadequate blocklist logic within the plugin, which fails to prevent the alteration of the wp_capabilities user meta value. By exploiting this flaw, hackers can elevate their user privileges to that of an administrator, effectively compromising the entire site. The specifics of the vulnerability have been withheld due to active exploitation.

Inadequate Patching Efforts: Partial fixes were implemented by the Ultimate Member plugin maintainers in versions 2.6.4, 2.6.5, and 2.6.6 after reports surfaced of unauthorized administrator accounts being created on affected sites. However, WPScan has identified multiple methods to bypass these patches, rendering them incomplete and leaving the vulnerability actively exploitable.

Exploitation Techniques: The observed attacks utilizing the plugin vulnerability involve the creation of rogue administrator accounts under various names such as apadmins, se_brutal, segs_brutal, wpadmins, wpengine_backup, and wpenginer. Once the accounts are established, hackers gain access to the site’s administration panel, allowing them to upload malicious plugins and themes.

Immediate Actions to Secure Websites: To mitigate the risks associated with this vulnerability, users of the Ultimate Member plugin are advised to take the following steps:

  1. Disable the Plugin: Until a comprehensive patch is released, it is recommended to disable the Ultimate Member plugin on affected websites.
  2. Audit Administrator Accounts: Conduct a thorough review of all administrator-level user accounts to identify any unauthorized additions. Promptly remove any suspicious or unauthorized accounts.
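The audit in step 2 can be scripted rather than done by hand in the dashboard. The following is an added example written for this article, not code from the article, WPScan or the Ultimate Member project. It assumes the operator has already exported the site's user list (for instance with `wp user list --fields=ID,user_login,user_email,user_registered --format=json`) and attached each user's raw `wp_capabilities` meta value (for instance via `wp user meta get <ID> wp_capabilities`), which is a PHP-serialized array; the `SAMPLE_USERS` rows below are constructed. It flags every account whose `wp_capabilities` grants the administrator role and whose login matches one of the rogue names named above, or that was registered after a cutoff date the operator chooses. Checking the meta value directly, rather than the role shown in the admin UI, matters here because that meta value is exactly what the vulnerability lets attackers alter.

```python
"""
Audit WordPress administrator accounts after a privilege-escalation incident.

Added example for this article; not the article's, WPScan's or the plugin's code.
Input rows are assumed to look like the output of
  wp user list --fields=ID,user_login,user_email,user_registered --format=json
with the user's raw capabilities meta (key "<table-prefix>capabilities", usually
"wp_capabilities") attached under the "wp_capabilities" key.
"""
import re
from datetime import datetime

# Rogue administrator logins named in the WPScan report cited by the article.
KNOWN_ROGUE_LOGINS = {
    "apadmins", "se_brutal", "segs_brutal",
    "wpadmins", "wpengine_backup", "wpenginer",
}

# Matches a role set to true inside a PHP-serialized wp_capabilities array,
# e.g. the "administrator" entry of  a:1:{s:13:"administrator";b:1;}
_PHP_TRUE_ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')

# Constructed sample rows (not real accounts): one long-standing admin, one
# subscriber, one rogue-named admin, and one recently created admin with an
# unremarkable name that only the date check would catch.
SAMPLE_USERS = [
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
     "user_registered": "2021-03-02 10:00:00",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"ID": 57, "user_login": "jdoe", "user_email": "jdoe@example.com",
     "user_registered": "2023-06-27 09:12:44",
     "wp_capabilities": 'a:1:{s:10:"subscriber";b:1;}'},
    {"ID": 58, "user_login": "wpengine_backup", "user_email": "x@example.net",
     "user_registered": "2023-06-28 03:14:07",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"ID": 59, "user_login": "maintenance", "user_email": "m@example.net",
     "user_registered": "2023-06-29 22:41:10",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
]


def roles_from_capabilities(serialized: str) -> set:
    """Return the role names that are set to true in a serialized wp_capabilities value."""
    return set(_PHP_TRUE_ROLE_RE.findall(serialized or ""))


def audit_admins(users, known_logins=KNOWN_ROGUE_LOGINS, registered_after=None):
    """Return (user_login, [reasons]) for each administrator worth a manual look.

    registered_after is an optional 'YYYY-MM-DD' cutoff: any administrator
    registered after that date is flagged regardless of its login name.
    """
    cutoff = datetime.strptime(registered_after, "%Y-%m-%d") if registered_after else None
    findings = []
    for user in users:
        if "administrator" not in roles_from_capabilities(user.get("wp_capabilities", "")):
            continue
        reasons = []
        if user["user_login"] in known_logins:
            reasons.append("login matches a known rogue account name")
        if cutoff is not None:
            registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
            if registered > cutoff:
                reasons.append(f"administrator registered after {registered_after}")
        if reasons:
            findings.append((user["user_login"], reasons))
    return findings


if __name__ == "__main__":
    # Flag rogue-named admins plus any admin created after an operator-chosen date.
    for login, reasons in audit_admins(SAMPLE_USERS, registered_after="2023-06-26"):
        print(f"{login}: {'; '.join(reasons)}")
```

Pick the cutoff date from the earliest sign of compromise in the site's own logs; an administrator that appears after it with an innocuous name deserves the same scrutiny as one with a known rogue login. Flagged accounts should be removed (or demoted and locked) and, given that attackers used such accounts to upload plugins and themes, the plugin and theme directories should be reviewed as well.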

The Importance of Promptly Updating WordPress: This recent exploit in the Ultimate Member plugin serves as a stark reminder of the critical importance of updating WordPress and its associated plugins immediately when updates become available. Failure to do so exposes websites to potential security vulnerabilities that can be exploited by malicious actors. Regularly updating WordPress and its plugins ensures that critical security patches and bug fixes are implemented, significantly reducing the risk of successful attacks.

Release of Ultimate Member Version 2.6.7: In response to the ongoing attacks, the developers of the Ultimate Member plugin released version 2.6.7 on July 1. This update aims to address the privilege escalation flaw currently being exploited. Additionally, the new release introduces a feature that enables website administrators to reset passwords for all users, enhancing overall security.

Conclusion: The discovery of a critical vulnerability in the Ultimate Member plugin highlights the urgency and importance of keeping WordPress and its associated plugins up to date. Failing to promptly install updates exposes websites to potential exploitation by hackers, leading to unauthorized access and compromised security. Website owners and administrators must remain vigilant, regularly checking for updates, and promptly applying them to protect their online presence and user data.
