WordPress Membership Plugin Flaw Exposes Sensitive Stripe Data

WordPress membership plugin vulnerability exposing sensitive Stripe payment data affects up to 10,000 websites.
Threat Post

Ultimate Member Plugin for WordPress Allows Site Takeover

Three critical security bugs allow for easy privilege escalation to an administrator role. A WordPress plugin installed on more than 100,000 sites has three critical security bugs that each allow ...
Searchenginejournal.com

WordPress Ultimate Member Plugin Vulnerability

Today it was announced that “critical and severe vulnerabilities” affect a WordPress community building plugin called, Ultimate Member was patched. This vulnerability is easy to exploit and gives the ...
ZDNet

Critical privilege escalation bugs squashed in WordPress Ultimate Member plugin

Accounting for over 100,000 active installations on websites that use the WordPress content management system (CMS), Ultimate Member allows webmasters to offer membership, sign-ups, and member profile ...
Homeland Security Today

Multiple Vulnerabilities in the WordPress Ultimate Member Plugin

The Ultimate member plugin version 2.0.45 and lower is affected by multiple vulnerabilities, among them is a critical vulnerability allowing malicious users to read and delete your wp-config.php file, ...
Bleeping Computer

Hackers exploit zero-day in Ultimate Member WordPress plugin with 200K installs

Hackers exploit a zero-day privilege escalation vulnerability in the 'Ultimate Member' WordPress plugin to compromise websites by bypassing security measures and registering rogue administrator ...
Bleeping Computer

WordPress plugin bugs can let attackers hijack up to 100K sites

Admins of WordPress sites who use the Ultimate Member plugin are urged to update it to the latest version to block attacks attempting to exploit multiple critical and easy to exploit vulnerabilities ...