A critical unpatched vulnerability in the popular Ultimate Member WordPress plugin has been discovered, putting approximately 200,000 websites at risk of compromise. The flaw, identified as CVE-2023-3460, affects all versions of the Ultimate Member plugin, including the most recent release. Exploiting this vulnerability, hackers have launched a widespread hacking campaign that involves creating rogue administrator accounts and uploading malicious plugins and themes. The urgency to address this security issue and protect user data is paramount.
The Unpatched Flaw
The vulnerability resides in the Ultimate Member plugin, a popular choice for adding user registration and profile management functionality to WordPress websites. The flaw allows attackers to execute arbitrary code and gain unauthorized access to sensitive user information, such as email addresses, usernames, and potentially even passwords.
The Exploitation and Hacking Campaign
The ongoing hacking campaign targeting the Ultimate Member plugin involves several steps employed by the attackers. Initially, they make a POST request to the plugin’s user registration page, usually “/register.” Following this, they attempt to log in using the newly created account through the “/wp-login.php” page. Finally, the attackers upload a malicious plugin via the targeted website’s administration panel.
During these attacks, the hackers commonly use usernames such as “apadmins,” “wpadmins,” “wpenginer,” and “segs_brutal” for the malicious accounts they create. Indicators of compromise include the presence of malicious plugins like “yyobang,” backdoors like “autoload_one.php” added to legitimate plugins, and malicious themes like “fing.” Additionally, modifications made to the active theme’s functions.php file, including attempts to create a persistent user named “wpadminns,” are also observed.
The Impact of CVE-2023-3460
The unpatched vulnerability tracked as CVE-2023-3460 poses a severe threat to the security of websites utilizing the Ultimate Member plugin. With the potential compromise of as many as 200,000 WordPress websites, user data is at risk of being exposed to unauthorized access. The severity of this flaw is reflected in its high CVSS score of 9.8, highlighting the urgent need for website owners to take immediate action.
Addressing the Issue
To mitigate the risks associated with CVE-2023-3460 and protect user data, website owners are strongly urged to follow these recommendations:
- Remove Malicious Plugins and Themes: Scan your website for any malicious plugins or themes, specifically checking for the presence of “yyobang,” “autoload_one.php,” and “fing.” Remove them promptly and ensure that all installed plugins and themes are from trusted sources.
- Update the Ultimate Member Plugin- Regularly check for plugin updates and ensure that the latest version of the Ultimate Member plugin is installed
Stay Tuned for an Upcoming Article on Free Tools and Configurations to Secure Your WordPress Website
Found this article interesting? Follow us on Twitter and Linkedin to read more exclusive content we post.
