PSA: Unpatched Critical Privilege Escalation Vulnerability in Ultimate Member Plugin Being Actively Exploited | allinfosecnews.com

June 29, 2023, 8:43 p.m. | Chloe Chamberland

Wordfence www.wordfence.com

Today, on June 29, 2023, the Wordfence Threat Intelligence Team became aware of an unpatched privilege escalation vulnerability being actively exploited in Ultimate Member, a WordPress plugin installed on over 200,000 sites, through our vulnerability changelog monitoring we do to ensure the Wordfence Intelligence Vulnerability Database has the most up to date and accurate information. ...
Read More

The post PSA: Unpatched Critical Privilege Escalation Vulnerability in Ultimate Member Plugin Being Actively Exploited appeared first on Wordfence.

actively exploited aware critical database escalation exploited intelligence june monitoring plugin privilege privilege escalation psa team threat threat intelligence unpatched vulnerabilities vulnerability vulnerability database wordfence wordfence intelligence wordpress wordpress plugin wordpress security

More from www.wordfence.com / Wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024) 1 day, 8 hours ago | www.wordfence.com

april bounty bug bug bounty +16

$197 Bounty Awarded for Unauthenticated Arbitrary Post Deletion Vulnerability Patched in LeadConnector WordPress Plugin 4 days, 8 hours ago | www.wordfence.com

bounty bug bug bounty deletion +16

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024) 1 week, 1 day ago | www.wordfence.com

april bounty bug bug bounty +17

$493 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in WP Datepicker WordPress Plugin 1 week, 3 days ago | www.wordfence.com

april bounty bug bug bounty +16

$2,063 Bounty Awarded for Privilege Escalation Vulnerability Patched in User Registration WordPress Plugin 2 weeks ago | www.wordfence.com

bounty bug bug bounty disclosure +18

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024) 2 weeks, 1 day ago | www.wordfence.com

april bounty bug bug bounty +17

$400 Bounty Awarded for SQL Injection Vulnerability Patched in WP Activity Log Premium WordPress Plugin 2 weeks, 2 days ago | www.wordfence.com

activity log bounty bug bug bounty +21

$1,250 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Email Subscribers by Icegram Express … 2 weeks, 4 days ago | www.wordfence.com

bounty bug bug bounty can +19

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024) 3 weeks, 1 day ago | www.wordfence.com

april bounty bug bug bounty +17

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority

View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France

View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico

View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States

View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX

View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US

View on infosec-jobs.com