Thousands Of WordPress Sites Exposed 

More than 200,000 WordPress sites are exposed to attacks that target the Ultimate Member plugin, a service designed to make it easier for site owners to let users add profiles, define roles, and create member directories. The flaw lets hackers add new accounts to the administrator group.

Tracked as CVE-2023-3460 (CVSS score of 9.8), the recently identified security defect in Ultimate Member lets attackers add a new user account to the administrators group. The defect is a Cross-Site Request Forgery (CSRF).

A CSRF flaw means that the site does not distinguish between actions the user intends to take and forged requests generated by a malicious link or script. This CSRF flaw allowed attackers to forge a request on behalf of an administrator and inject code on a vulnerable site, allowing potential attackers to remotely execute arbitrary code on websites running a vulnerable Code Snippets installation.

A high severity CSRF bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu.
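As an added illustration of the CSRF mechanism described above (example code written for this page, not taken from the article or from any named plugin), the following hypothetical admin-side import handler is shown first without CSRF protection and then hardened with WordPress's own nonce and referer check plus a capability check. The action names, the option name and the settings page slug are assumptions made for the example.

```php
<?php
// Added example, not from the article or any plugin. Both handlers hang off the
// admin_post_{action} hook, which WordPress fires for POSTs to admin-post.php.

// --- Unprotected pattern: any request that reaches this action is processed.
// A logged-in administrator who opens an attacker-controlled page can be made
// to submit the form without intending to, which is what a CSRF flaw is. ---
function example_import_unsafe() {
    $payload = isset( $_POST['snippet'] ) ? wp_unslash( $_POST['snippet'] ) : '';
    update_option( 'example_imported_snippet', $payload ); // no nonce, referer or capability check
    wp_safe_redirect( admin_url( 'tools.php?page=example-import' ) );
    exit;
}
add_action( 'admin_post_example_import_unsafe', 'example_import_unsafe' );

// --- Hardened pattern: the form carries a nonce bound to this user, session
// and action, and the handler refuses the request unless it is present. ---
function example_import_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'example_import', 'example_import_nonce' ); ?>
        <input type="hidden" name="action" value="example_import">
        <textarea name="snippet"></textarea>
        <?php submit_button( 'Import' ); ?>
    </form>
    <?php
}

function example_import_hardened() {
    // Calls wp_die() unless the nonce is valid; for admin requests it also
    // checks the Referer header, the check the article says was missing.
    check_admin_referer( 'example_import', 'example_import_nonce' );

    // A valid nonce only proves intent; authorisation is a separate check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example' ), '', array( 'response' => 403 ) );
    }

    $payload = isset( $_POST['snippet'] )
        ? sanitize_textarea_field( wp_unslash( $_POST['snippet'] ) )
        : '';
    update_option( 'example_imported_snippet', $payload );
    wp_safe_redirect( add_query_arg( 'imported', '1', admin_url( 'tools.php?page=example-import' ) ) );
    exit;
}
add_action( 'admin_post_example_import', 'example_import_hardened' );
```

The nonce defeats the forged-request scenario because an attacker's page cannot read a value that WordPress generates per user and per action; the capability check is kept separately, since a nonce says nothing about whether the user is allowed to perform the action.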

Some of the plugin’s users have observed the creation of rogue accounts and reported them recently, but the attacks appear to have been ongoing at least since the beginning of June this year. WPScan, WordPress’s security firm, says that the bug is rooted in a conflict between the plugin’s blocklist logic and WordPress metadata keys. 

Hackers can exploit operational differences between the plugin and WordPress to trick Ultimate Member into updating the metadata keys. 

These keys hold the user's role and capability information. WordPress advised site owners to disable the problematic plugin and closely monitor the administrative accounts on their websites. While the WordPress plugin library does not publish daily download statistics, roughly 58K users have downloaded and installed the latest version, which means that at least 140K WordPress websites running this plugin are still exposed to potential takeover attacks.

Site owners who think they are at risk are advised to disable Ultimate Member to prevent exploitation of the vulnerability. They should also audit all administrator accounts on their sites to identify rogue ones.
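The audit step above can be scripted. The following is an added example, not from the article: a PHP file run with `wp eval-file` that lists every account whose capabilities meta key grants the administrator role and flags accounts registered after a cutoff date, so unexpected administrators stand out. The file name and the cutoff date (chosen here to match the early-June timeframe the article mentions) are assumptions for the example.

```php
<?php
// Added example, not from the article. Run from the site root with:
//   wp eval-file audit-admins.php
// Lists every user holding the administrator role and flags accounts
// registered after the cutoff, so unexpected admins stand out.

// Assumption for this example: accounts created on or after 1 June 2023 get flagged.
$cutoff = '2023-06-01 00:00:00';

global $wpdb;
// Roles are stored in user meta under a table-prefixed key, e.g. wp_capabilities.
$cap_key = $wpdb->get_blog_prefix() . 'capabilities';

// WP_User_Query resolves 'role' against that same meta key.
$admins = get_users( array(
    'role'    => 'administrator',
    'orderby' => 'registered',
    'order'   => 'DESC',
) );

printf( "%-6s %-20s %-30s %-20s %s\n", 'ID', 'login', 'email', 'registered', 'note' );

foreach ( $admins as $user ) {
    // Read the raw meta so the output shows exactly what the database grants.
    $caps  = get_user_meta( $user->ID, $cap_key, true );
    $roles = is_array( $caps ) ? implode( ',', array_keys( array_filter( $caps ) ) ) : '(unreadable)';

    $notes = array();
    // MySQL datetime strings compare correctly as plain strings.
    if ( $user->user_registered >= $cutoff ) {
        $notes[] = 'registered after cutoff';
    }
    if ( count( $user->roles ) > 1 ) {
        $notes[] = 'multiple roles: ' . $roles;
    }

    printf(
        "%-6d %-20s %-30s %-20s %s\n",
        $user->ID,
        $user->user_login,
        $user->user_email,
        $user->user_registered,
        $notes ? implode( '; ', $notes ) : '-'
    );
}

printf( "\n%d administrator account(s) found; review flagged rows against your records.\n", count( $admins ) );
```

Compare the output against the list of people who are supposed to hold administrator access; a recently registered account with an unfamiliar login or e-mail address is the rogue-account pattern the article describes, and the raw capabilities column shows whether the role was granted directly in the meta key rather than through the normal role assignment.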

Sources: WPScan, Cyware, Threatpost, Oodaloop, Hacker News, Security Week, Bleeping Computer, Techradar
