Today it was announced that “critical and extreme vulnerabilities” affecting a WordPress community-building plugin called Ultimate Member have been fixed. The vulnerability is easy to exploit and gives the attacker admin-level access, which means they can do whatever they like to the site.
This is how Wordfence describes the severity of this exploit:
“This vulnerability is considered very critical as it makes it possible for originally unauthenticated users to easily escalate their privileges to those of an administrator. Once an attacker has administrative access to a WordPress site, they have effectively taken over the entire site and can perform any action, from taking the site offline to further infecting the site with malware.”
The Ultimate Member WordPress plugin is a community-building plugin that lets a WordPress publisher turn readers into members who can be given different levels of access and can interact with each other socially.
It can also be used to restrict content to registered users only and to grant different levels of membership privileges, such as publishing to the site.
There are three exploitable vectors in the plugin, and all three are privilege escalation exploits. Privilege escalation is when an attacker is able to raise their own user privileges.
For instance, someone registered with a site as a subscriber can do things like read articles and comment on them.
But with an exploit, they can raise their site privileges from subscriber to administrator level and thus grant themselves the ability to do anything they want with the site.
An authenticated privilege escalation exploit is one where the attacker first needs some sort of account on the site, such as a subscriber role.
With an unauthenticated privilege escalation exploit, the attacker doesn’t need to be a registered user at all.
The vulnerabilities affecting the Ultimate Member plugin comprise two unauthenticated exploits and one authenticated exploit.
The authenticated privilege escalation exploit allows a registered user to update their own privileges.
The unauthenticated privilege escalation exploit allows an attacker to use the registration form as an attack vector.
These exploits are serious and are rated critical and severe.
Here’s how Wordfence describes it:
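The common root of both the registration-form and the profile-update vector is a handler that copies whatever fields a form submits into the user's record, including role and capability data. The following is an added, hypothetical illustration of that pattern and its hardened counterpart; it is not Ultimate Member's code and does not reproduce the plugin's actual flaw. The field names `first_name`, `um_city` and the function names are assumptions; `update_user_meta`, `sanitize_key`, `sanitize_text_field`, `WP_User::set_role`, the `default_role` option and the `wp_capabilities` / `wp_user_level` meta keys are standard WordPress.

```php
<?php
// Added example (not the plugin's code). Compares a mass-assignment handler with a
// hardened one that never lets role or capability data come from the request.

// Usermeta keys that must never be written from user input. WordPress stores role
// membership in "<prefix>capabilities" and the legacy level in "<prefix>user_level";
// 'role' / 'roles' are the conventional form-field names for the same thing.
function protected_user_keys() {
    global $wpdb;
    $prefix = isset($wpdb) ? $wpdb->prefix : 'wp_'; // assumption: default prefix
    return array(
        'role',
        'roles',
        $prefix . 'capabilities',
        $prefix . 'user_level',
    );
}

// VULNERABLE pattern: every submitted key is persisted as user meta, so a submitted
// "wp_capabilities" field would overwrite the user's role.
function vulnerable_save_profile($user_id, array $submitted) {
    foreach ($submitted as $key => $value) {
        update_user_meta($user_id, $key, $value);
    }
}

// HARDENED pattern: explicit allow-list of profile fields, explicit denial of
// capability-related keys, and the role assigned server-side from configuration.
function hardened_save_profile($user_id, array $submitted) {
    $allowed = array('first_name', 'last_name', 'description', 'um_city'); // assumed field set
    $blocked = array_map('strtolower', protected_user_keys());

    foreach ($submitted as $key => $value) {
        $key = sanitize_key($key); // lowercases, strips anything but [a-z0-9_-]
        if (in_array($key, $blocked, true)) {
            // Worth logging: a normal form never sends these keys.
            error_log("Rejected attempt to set protected user field '{$key}' for user {$user_id}");
            continue;
        }
        if (!in_array($key, $allowed, true)) {
            continue; // unknown fields are dropped, not stored
        }
        update_user_meta($user_id, $key, sanitize_text_field($value));
    }

    // Role comes from site configuration, never from the request.
    $user = new WP_User($user_id);
    $user->set_role(get_option('default_role', 'subscriber'));
}
```

After updating the plugin, a quick way to check whether an account has already been elevated is `wp user list --role=administrator --fields=ID,user_login,user_registered`, which lists every administrator with its registration date so that an unexpected or recently created admin stands out.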
“…this vulnerability is considered critical as it allows originally unauthenticated users to escalate their privileges with some conditions. Once an attacker has elevated access to a WordPress site, they can potentially take over the entire site and further infect the site with malware.”
It is recommended that users update promptly to Ultimate Member WordPress plugin version 2.1.12, which contains the patch that fixes the vulnerability.
We at CodeLedge are Sweden’s best WordPress development services provider. We are the experts at making awesome websites for your business. Feel free to talk with us at firstname.lastname@example.org or get a quote from here.