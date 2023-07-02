

Over 2 lakh WordPress websites vulnerable to hacking due to plugin bug

By Agency News Desk

New Delhi, July 2 (IANS) More than 2 lakh WordPress websites are at risk of being hacked due to a critical unpatched security vulnerability that was being actively exploited by malicious actors.

According to WordPress security firm WPScan, the bug is present in the Ultimate Member plugin, which is a free user profile WordPress plugin that makes it easy to create powerful online communities and membership sites with WordPress.

“This is a very serious issue as unauthenticated attackers may exploit this vulnerability to create new user accounts with administrative privileges, giving them the power to take complete control of affected sites,” the security firm warned.

There was “no complete fix to this issue” and worryingly, “there were indications that this issue was being actively exploited by malicious actors,” the firm added.

In response to the vulnerability report, the creators of the plugin promptly released a new version, 2.6.4, intending to fix the problem.

“However, upon investigating this update, we found numerous methods to circumvent the proposed patch, implying the issue is still fully exploitable,” the WPScan team noted.

The plugin operates by using a pre-defined list of user metadata keys that users should not manipulate.

It uses this list to check if users are attempting to register these keys when creating an account.

“Unfortunately, differences in how the Ultimate Member’s blocklist logic and how WordPress treats metadata keys made it possible for attackers to trick the plugin into updating some it shouldn’t,” said the team.
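The class of flaw described above, shown as an added example: a constructed Python model, not code from Ultimate Member, WordPress or WPScan. The key names, the toy `MetaStore` and its canonicalisation rule are assumptions made for illustration. The page does not say which differences were involved, so the model only shows why an exact-match blocklist fails whenever storage identifies keys more loosely, and how an allowlist applied after the store's own canonicalisation closes the gap.

```python
import unicodedata

# Hypothetical key names; the page does not list the plugin's real blocklist.
PROTECTED_KEYS = {"account_role", "account_status"}
ALLOWED_KEYS = {"first_name", "last_name", "bio"}


def store_canonical(key: str) -> str:
    """How the toy store identifies a key (assumed rule: NFKC, trimmed, case-folded)."""
    return unicodedata.normalize("NFKC", key).strip().casefold()


class MetaStore:
    """Stand-in for a metadata table that canonicalises keys on write."""

    def __init__(self):
        self.rows = {}

    def update(self, key, value):
        self.rows[store_canonical(key)] = value


def blocklist_filter(fields):
    """Weak form: compares raw strings, so it disagrees with the store."""
    return {k: v for k, v in fields.items() if k not in PROTECTED_KEYS}


def allowlist_filter(fields):
    """Hardened form: canonicalise with the store's rule, keep only known-safe keys."""
    accepted = {}
    for key, value in fields.items():
        canon = store_canonical(key)
        if canon in ALLOWED_KEYS:
            accepted[canon] = value
    return accepted


def register(fields, key_filter):
    """Create an account: server-assigned role first, then filtered user fields."""
    store = MetaStore()
    store.update("account_role", "subscriber")
    for key, value in key_filter(fields).items():
        store.update(key, value)
    return store.rows


# Constructed registration input: one ordinary field, one protected key in a
# spelling the exact-match blocklist does not recognise.
SUBMITTED = {"first_name": "Ada", "Account_Role ": "administrator"}
```

Running `register(SUBMITTED, blocklist_filter)` leaves the protected role overwritten, while `register(SUBMITTED, allowlist_filter)` keeps the server-assigned value and still stores the ordinary field.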

The security researchers recommend that users disable the Ultimate Member plugin until a patch that completely remediates this security issue is made available.

Sites on WP.cloud hosts, such as WordPress.com and Pressable.com, have received a platform-level patch to help mitigate the vulnerability.

–IANS
