Threat Post

Ultimate Member Plugin for WordPress Allows Site Takeover

Three critical security bugs allow for easy privilege escalation to an administrator role. A WordPress plugin installed on more than 100,000 sites has three critical security bugs that each allow ...
Bleeping Computer

Hackers exploit zero-day in Ultimate Member WordPress plugin with 200K installs

Hackers exploit a zero-day privilege escalation vulnerability in the 'Ultimate Member' WordPress plugin to compromise websites by bypassing security measures and registering rogue administrator ...
ZDNet

Critical privilege escalation bugs squashed in WordPress Ultimate Member plugin

Accounting for over 100,000 active installations on websites that use the WordPress content management system (CMS), Ultimate Member allows webmasters to offer membership, sign-ups, and member profile ...
Searchenginejournal.com

Ultimate Member WordPress Plugin Vulnerability Allows Full Site Takeover

Ultimate Member WordPress plugin vulnerability, with over 200,000 active installations is being actively exploited on unpatched WordPress sites. The vulnerability is said to require trivial effort to ...