Privilege Escalation Vulnerability in Ultimate Member Plugin
In a report from Automattics WP.cloud and Pressable.com platforms, it was discovered that several websites were compromised via rogue new administrator accounts. The issue has been traced to a Privilege Escalation vulnerability within the Ultimate Member plugin, as reported by Slavic Dragovtev. The creators of the plugin have attempted to fix this through updates but have so far been unsuccessful, with version 2.6.6 still exploitable.
Ultimate Member WordPress Plugin
The Ultimate Member plugin is a powerful tool designed for WordPress websites, offering a comprehensive user management system. It enables website owners to effortlessly create and manage user profiles, registration forms, login functionality, member directories, and much more. With a wide range of customizable features and intuitive interface, the Ultimate Member plugin empowers website administrators to build engaging and interactive communities, membership sites, and online forums. It provides seamless integration with other popular WordPress plugins, allowing for enhanced functionality and flexibility in creating a personalized user experience. Whether you need to create a simple membership site or a complex community platform, the Ultimate Member plugin offers a robust solution to streamline user management and elevate your website’s capabilities.
Ultimate Member Plugin Vulnerability (CVE-2023-3460)
The problem lies in how the Ultimate Member plugin allows unauthenticated attackers to create new user accounts with administrative privileges. This was confirmed to be due to malicious actors actively exploiting the vulnerability (CVE-2023-3460). A more detailed description can be found on WPScan.
CVE (Common Vulnerabilities and Exposures) is a standardized system used to uniquely identify and track publicly known vulnerabilities in software and firmware. Each CVE entry provides a reference number, description, and relevant information about the vulnerability, allowing organizations and users to stay informed and take necessary actions to mitigate the associated risks.
Description: Ultimate Member <= 2.6.6 – Privilege Escalation via Arbitrary User Meta Updates
Affected Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug: ultimate-member
Affected Versions: <= 2.6.6
CVE ID: CVE-2023-3460
CVSS Score: 9.8 (Critical)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Researcher/s: Unknown, Marc-Alexandre Montpas
Fully Patched Version: N
From: Wordfence
WordPress Security
Given this threat, we recommend implementing precautionary steps towards ensuring your WordPress site’s security:
1. Update Plugins Regularly: Always keep your plugins updated to their latest versions as they usually contain security patches for known vulnerabilities.
2. Use Strong Passwords: Make sure every account uses strong and unique passwords.
3. Implement Two-Factor Authentication: This will add an extra layer of protection against unauthorized access.
4. Limit Login Attempts: Limiting login attempts can protect your site from brute force attacks.
5. Regular Backups: Regularly backup your website data so you can quickly restore it in case of compromise.
6. Install Security Plugins: Security plugins like Wordfence or Fail2ban offer comprehensive solutions for website safety.
7. Monitor Your Site Regularly: Monitor your site regularly for any changes or suspicious activity.
8. Use SSL Certificate: An SSL certificate ensures secure data transfer between user browsers and the server, making it harder for hackers to breach the connection.
9. PHP Restrictions: Disable PHP File Execution in Certain WordPress Directories
10. Change WordPress Database Prefix: Changing the default database prefix makes it harder for hackers to guess and attack your database tables.
While these steps cannot guarantee full-proof protection against all types of cyber threats online, they significantly reduce risks associated with common web attacks such as those involving privilege escalation vulnerabilities found in certain plugins like Ultimate Member.
Until a complete patch is available for this particular vulnerability, disabling Ultimate Member is recommended if you’re currently using it on your website.
For more information about keeping your WordPress site secure, visit WordPress.org.
CyberStrides WordPress Security
Additionally, to ensure the utmost security of your WordPress site and protect it from potential vulnerabilities, we recommend reaching out to CyberStrides for a complimentary website audit. Our team of experts specializes in conducting thorough security assessments to identify any existing vulnerabilities, perform comprehensive scans, and provide actionable recommendations to fortify your website against cyber threats. Contact us today for a free website audit and take proactive measures to safeguard your online presence. Protect your website with CyberStrides, your trusted partner in website security.