A critical security flaw, CVE-2023-3460,
has been identified in the widely used
‘Ultimate Member’ plugin, posing a
significant threat to website owners.
Attackers are exploiting this vulnerability,
allowing them to create unauthorized user
accounts with administrator privileges. As a
result, over 200,000 WordPress websites
are currently at risk.
This article aims to raise awareness among
site owners about the severity of the issue
and provide mitigation measures.
The ‘Ultimate Member’ plugin streamlines
WordPress registration and login, but has a
flaw (CVE-2023-3460) enabling hackers to
create privileged accounts. Suspicious
account creation since June suggests