• Feedback
  • RSS Feed
  • Sitemap
Ommcom News
  • Home
  • Odisha
  • Nation
  • World
  • Sports
  • Business
  • Entertainment
  • Videos
  • Science & Tech
  • Photo Gallery
  • ଓଡ଼ିଆରେ ପଢନ୍ତୁ
No Result
View All Result
  • Home
  • Odisha
  • Nation
  • World
  • Sports
  • Business
  • Entertainment
  • Videos
  • Science & Tech
  • Photo Gallery
  • ଓଡ଼ିଆରେ ପଢନ୍ତୁ
No Result
View All Result
Odisha News, Odisha Breaking News, Odisha Latest News || Ommcom News
Home Science & Tech

Over 2 Lakh WordPress Websites Vulnerable To Hacking Due To Plugin Bug

OMMCOM NEWS by OMMCOM NEWS
July 2, 2023
in Science & Tech

New Delhi: More than 2 lakh WordPress websites are at the hacking risk due to a critical unpatched security vulnerability that was being actively exploited by malicious actors.

According to WordPress security firm WPScan, the bug is present in the Ultimate Member plugin, which is a free user profile WordPress plugin that makes it easy to create powerful online communities and membership sites with WordPress.

“This is a very serious issue as unauthenticated attackers may exploit this vulnerability to create new user accounts with administrative privileges, giving them the power to take complete control of affected sites,” the security firm warned.

There was “no complete fix to this issue” and worryingly, “there were indications that this issue was being actively exploited by malicious actors,” the firm added.

In response to the vulnerability report, the creators of the plugin promptly released a new version, 2.6.4, intending to fix the problem.

“However, upon investigating this update, we found numerous methods to circumvent the proposed patch, implying the issue is still fully exploitable,” the WPScan team noted.

The plugin operates by using a pre-defined list of user metadata keys that users should not manipulate.

It uses this list to check if users are attempting to register these keys when creating an account.

“Unfortunately, differences in how the Ultimate Member’s blocklist logic and how WordPress treats metadata keys made it possible for attackers to trick the plugin into updating some it shouldn’t,” said the team.

The security researchers recommend that the users should disable the Ultimate Member plugin until a patch that completely remediates this security issue is made available.

Sites on WP.cloud hosts, such as WordPress.com and Pressable.com, have received a platform-level patch to help mitigate the vulnerability.
 (IANS)

ShareTweetSendSharePinShareSend
Previous Post

Forest Officials Nab 5 Wildlife Smugglers With 4 Elephant Tusks In Odisha’s Mayurbhanj

Next Post

Heavy Downpours In Japan Leave 1 Dead, 2 Missing

Related Posts

Cyber Extortion Syndicate
Science & Tech

CBI Busts Transnational Cyber Extortion Syndicate, Arrests Key Operative In Mumbai

June 27, 2025
Bone Cancer
Science & Tech

Indian Researchers Develop Diagnostic Device To Detect Early-Stage Bone Cancer

June 27, 2025
Blood Clotting
Science & Tech

IIT-BHU Bioengineers Develop Nanoparticles To Stop Blood Clotting

June 27, 2025
Science & Tech

Zimbabwe Records Increase In AIDS-Related Deaths, Says Health Ministry

June 27, 2025
Science & Tech

India Tops Global GenAI Adoption With 92 Pc Workforce Usage: Report

June 26, 2025
Nation

Shubhanshu Shukla Enters Space Station, A Giant Leap For India

June 26, 2025
Next Post

Heavy Downpours In Japan Leave 1 Dead, 2 Missing

Unable To Bear Harassment Of Finance Co, Debt-Ridden Couple Commits Suicide In Puri

Sri Lankan Parliament Establishes Committee To Control Drug Menace

khimji
OMC
  • Feedback
  • RSS Feed
  • Sitemap

© 2025 - Ommcom News. All Rights Reserved.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Odisha
  • Nation
  • World
  • Sports
  • Business
  • Entertainment
  • Videos
  • Science & Tech
  • Photo Gallery
  • ଓଡ଼ିଆରେ ପଢନ୍ତୁ

© 2025 - Ommcom News. All Rights Reserved.