Threat Watch

Ultimate Member WordPress Plugin Vulnerable to Privilege Escalation

Ultimate Member is a free WordPress plugin for managing user registration and profiles, with features to help create an online community. On October 23rd, the Threat Intelligence team at Wordfence disclosed multiple vulnerabilities in the plugin that made it possible to escalate privileges and take over a WordPress site. During user registration, a lack of filtering meant that an attacker could add extra fields to the form to submit information such as the new user’s role. With this, the attacker simply needed to create a new user and modify the request to include the administrator role to gain full privileges. The plugin’s developer worked with Wordfence, sending patched updates to test the remediation. By October 29th, all identified vulnerabilities had been patched and version 2.1.12 had been published.
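The flaw described above is a missing server-side allowlist on registration input. The following added illustration (not Ultimate Member's code; the form field names, default role and sample request are constructed) contrasts a handler that copies every submitted field into the new user record with one that only honours fields configured on the form and sets the role itself, plus a small check that flags submissions carrying fields a legitimate form would never send:

```python
# Added illustration, not the plugin's code: unfiltered registration input
# lets the submitter choose their own role; an allowlist removes that choice.

DEFAULT_ROLE = "subscriber"

# Constructed form definition: the fields an administrator configured for the
# registration form. Nothing else sent by the client should be honoured.
REGISTRATION_FORM_FIELDS = {"user_login", "user_email", "user_pass", "display_name"}


def vulnerable_register(submitted: dict) -> dict:
    """Vulnerable pattern: every submitted key is copied into the new user
    record, so an extra 'role' parameter overrides the default role."""
    user = {"role": DEFAULT_ROLE}
    user.update(submitted)  # no allowlist: 'role' is client-controlled
    return user


def hardened_register(submitted: dict, form_fields=REGISTRATION_FORM_FIELDS) -> dict:
    """Hardened pattern: only fields configured on the form are accepted and
    the role is assigned server-side, never taken from the request."""
    user = {k: v for k, v in submitted.items() if k in form_fields}
    user["role"] = DEFAULT_ROLE  # authoritative, regardless of client input
    return user


def unexpected_fields(submitted: dict, form_fields=REGISTRATION_FORM_FIELDS) -> set:
    """Detection aid for request logs: keys the configured form never sends.
    A non-empty result on a registration POST is worth alerting on."""
    return set(submitted) - form_fields


# Constructed registration request carrying an injected role field.
SAMPLE_REQUEST = {
    "user_login": "newuser",
    "user_email": "newuser@example.invalid",
    "user_pass": "correct horse battery staple",
    "role": "administrator",
}

if __name__ == "__main__":
    print(vulnerable_register(SAMPLE_REQUEST)["role"])  # administrator
    print(hardened_register(SAMPLE_REQUEST)["role"])    # subscriber
    print(unexpected_fields(SAMPLE_REQUEST))            # {'role'}
```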

ANALYST NOTES

Ultimate Member has over 100,000 active installations, but statistics in the WordPress plugin repository show that the plugin has been downloaded only roughly 35,000 times since the update was released. Binary Defense highly encourages all WordPress administrators using Ultimate Member to update to version 2.1.12 immediately to avoid possible site takeovers. Administrators should also regularly check each installed plugin for available updates. WordPress makes it easy to see all installed plugins and their available updates through the admin portal.

Source: https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/