PSA: Unpatched Critical Privilege Escalation Vulnerability in Ultimate Member Plugin Being Actively Exploited

by

Today, on June 29, 2023, the Wordfence Threat Intelligence Team became aware of an unpatched privilege escalation vulnerability being actively exploited in Ultimate Member, a WordPress plugin installed on over 200,000 sites, through our vulnerability changelog monitoring we do to ensure the Wordfence Intelligence Vulnerability Database has the most up to date and accurate information. … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)

by

Last week, there were 84 vulnerabilities disclosed in 76 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more

WordPress 6.3 Beta 2

by

WordPress 6.3 Beta 2 is ready for download and testing. This is the first release of the 6.3 cycle, as there was no Beta 1 due to technical issues with packaging the release. Rather than further delaying a beta release, the release squad has decided to package and ship Beta 2. This version of the … Read more

miniOrange Addresses Authentication Bypass Vulnerability in WordPress Social Login and Register WordPress Plugin

by

On May 28, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in miniOrange’s WordPress Social Login and Register plugin, which is actively installed on more than 30,000 WordPress websites. The vulnerability makes it possible for an unauthenticated attacker to gain access to any account on … Read more