Security News > 2024 > February > WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites
2024-02-27 05:43
A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw. In an advisory published last week, WordPress
News URL
https://thehackernews.com/2024/02/wordpress-plugin-alert-critical-sqli.html
Related news
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining (source)
- Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (source)
- Critical flaw in LayerSlider WordPress plugin impacts 1 million sites (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)