Thousands Of WordPress Sites Exposed 

More than 200,000 WordPress sites have less security which exposes them to attacks that target the Ultimate Member Plugin. This is a service designed to make it easier to allow users to add profiles, define roles, and create member directories. But this allows hackers to add new administrative accounts to the user group.

Tracked as CVE-2023-3460 (CVSS score of 9.8), the recently identified security defect in Ultimate Member lets attackers add a new user account to the administrators group. The defect is a Cross Site Request Forgery (CSRF).

A CSRF flaw means that site does not distinguish between intentional actions taken by the user and forged requests generated by a malicious link or script request. This CSRF flaw allowed attackers to forge a request on behalf of an administrator and inject code on a vulnerable site allowing potential attackers to remotely execute arbitrary code on websites running vulnerable Code Snippets installation.

A high severity CSRF bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu.

Some of the plugin’s users have observed the creation of rogue accounts and reported them recently, but the attacks appear to have been ongoing at least since the beginning of June this year. WPScan, WordPress’s security firm, says that the bug is rooted in a conflict between the plugin’s blocklist logic and WordPress metadata keys. 

Hackers can exploit operational differences between the plugin and WordPress to trick Ultimate Member into updating the metadata keys. 

These keys include data that contain user role and capability information. WordPress advised site owners to disable the problematic plugin and closely monitor administrative accounts on their websites. While the WordPress plugin library doesn't provide daily downloads stats, roughly 58K users have downloaded and installed the latest version which means that at least 140K WordPress websites running this plugin are still exposed to potential takeover attacks.

Site owners who think they are at risk are advised to disable Ultimate Member to prevent exploitation of the vulnerability. They should also audit all administrator roles on their sites, to identify rogue accounts.

WPScan:  Cyware:   Threatpost:    Oodaloop:    Hacker News:   Security Week:   Bleeping Computer:   Techradar

You Might Also Read: 

WordPress Comprises 90% Of Hacked Sites:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Seven Stages Of Cyber Resilience:
Canada Might Lose Its Dispute With Google »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Conscio Technologies

Conscio Technologies

Conscio Technologies is a specialist in IT security awareness. Our solutions allow you to easily manage innovative online IT awareness campaigns.

Clifford Chance

Clifford Chance

Clifford Chance are one of the world's pre-eminent law firms with resources across five continents. Practice areas include Cyber Security & Information Protection

Measured Insurance

Measured Insurance

Measured Insurance are bridging the gap between technology and Insurance using AI-Powered analytics that track clients’ exposure in real time to create smarter insurance products.

BIO-key

BIO-key

BIO-key is a pioneer and innovator, we are recognized as a leading developer of fingerprint biometric authentication and security solutions.

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

Island

Island

Island puts the enterprise in complete control of the browser, delivering a level of governance, visibility, and productivity that simply weren’t possible before.

SignalFire

SignalFire

SignalFire invest across both enterprise and consumer sectors at the seed and early growth stages.

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators provides services and information about financial fraud, fraud investigation and fraud prevention.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

AnzenSage

AnzenSage

AnzenSage is a cybersecurity advisory consultancy specializing in security risk resilience for the food sector: agriculture, food manufacturing, food supply chain, vineyards, and wineries.

Bleach Cyber

Bleach Cyber

Bleach Cyber helps small businesses with an affordable and user-friendly solution for managing cloud security.

ARGOS Cloud Security

ARGOS Cloud Security

ARGOS aims to simplify and strengthen cloud security, by creating a visual map of security vulnerabilities, to your priceless information stored in any cloud provider environment.

TriVigil

TriVigil

TriVigil offer a full-service, comprehensive cybersecurity approach specifically tailored to meet the unique needs of educational institutions.

iConnect IT Business Solutions DMCC

iConnect IT Business Solutions DMCC

iConnect is a trusted IT Solutions and Technology Services company, proudly serving clients across the Middle East and Africa.

Boo Consulting

Boo Consulting

Boo Consulting is a trusted privacy and risk consultancy firm. We are driven to help you find an appropriate solution that will suit your budget and requirements.

GlitchSecure

GlitchSecure

GlitchSecure helps companies secure their products and infrastructure through real-time continuous security testing.