
WordPress plugin lets users become admins – Patch early, patch often!
2023-07-03 19:48

If you run a WordPress site with the Ultimate Members plugin installed, make sure you've updated it to the latest version.

The plugin doesn't allow users to enter this value, but this filter turns out to be easy to bypass, making it possible to edit wp_capabilities and become an admin.

The #1 user profile & membership plugin for WordPress.

The plugin makes it a breeze for users to sign-up and become members of your website.

In the Log4J case, attackers also set about scouring the code, hoping to find related coding mistakes elsewhere in the code before the Log4J programmers did.

Coding errors made in one place by one programmer may have been duplicated elsewhere, either by the same coder working on other parts of the project, or by other coders "learning" bad habits or trustingly following incorrect design assumptions.


News URL

https://nakedsecurity.sophos.com/2023/07/03/wordpress-plugin-lets-users-become-admins-patch-early-patch-often/

Related vendor

VENDOR      #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Wordpress   7            2     95       44     18         159
Plugin      2            0     13       1      0          14