Around 200,000 WordPress websites are at risk of being attacked by exploiting an unpatched security flaw in the Ultimate Member plugin.
According to The Hacker News, the vulnerability, with tracking code CVE-2023-3460 (CVSS score 9.8), exists in all versions of the Ultimate Member plugin (extension) including the latest version (2.6). .6) was released on June 29, 2023.
Ultimate Member is a popular plugin for creating user and community profiles on WordPress websites. This utility also provides account management features.
WPScan – WordPress security company says this security flaw is very serious, through which attackers can exploit them to create new user accounts with administrative privileges, giving hackers complete control. affected websites